Security for objects in a process plant configuration system

ABSTRACT

A configuration system uses process plant items that may represent, or be capable of representing, entities in a process plant to assist in configuring, organizing, and changing the control and display activities within the process plant. Access to the items may be controlled by associating access control data with the items. The configuration system may also use objects that represent, or may be capable of representing, one or more steps to be performed by entities in the process plant. Access to these objects may be controlled by associating access control data with the objects. The access control data may indicate whether users or certain users may be able to, for example, view or modify all or some data associated with the process plant items or the objects. The process plant items may comprise, for example, module class objects which may be capable of generically representing process entities of the process plant, module objects which may be capable of specifically representing process entities of the process plant, composite templates, module templates, etc. The objects that represent, or may be capable of representing, one or more steps to be performed by entities in the process plant may comprise, for example, phase classes or unit phases.

CROSS-REFERENCES TO RELATED APPLICATIONS

The present application is a continuation-in-part of U.S. patentapplication Ser. No. 10/368,151, entitled “MODULE CLASS OBJECTS IN APROCESS PLANT CONFIGURATION SYSTEM,” filed on Feb. 18, 2003, which ishereby incorporated by reference herein in its entirety for allpurposes.

The present application is related to copending U.S. patent applicationSer. No. 10/853,668, entitled “VERSION CONTROL FOR OBJECTS IN A PROCESSPLANT CONFIGURATION SYSTEM,” filed on same day as the presentapplication, which is hereby incorporated by reference herein in itsentirety for all purposes.

FIELD OF THE DISCLOSURE

The present invention relates generally to process plants and, moreparticularly, to security related to configuring a process plant andviewing the operation of the process plant.

BACKGROUND

Distributed process control systems, like those used in chemical,petroleum or other processes, typically include one or more processcontrollers communicatively coupled to one or more field devices viaanalog, digital or combined analog/digital buses. The field devices,which may be, for example, valves, valve positioners, switches andtransmitters (e.g., temperature, pressure, level and flow rate sensors),are located within the process environment and perform process functionssuch as opening or closing valves, measuring process parameters, etc.Smart field devices, such as the field devices conforming to the wellknown Fieldbus protocol may also perform control calculations, alarmingfunctions, and other control functions commonly implemented within thecontroller. The process controllers, which are also typically locatedwithin the plant environment, receive signals indicative of processmeasurements made by the field devices and/or other informationpertaining to the field devices and execute a controller applicationthat runs, for example, different control modules which make processcontrol decisions, generate control signals based on the receivedinformation and coordinate with the control modules or blocks beingperformed in the field devices, such as HART and Fieldbus field devices.The control modules in the controller send the control signals over thecommunication lines to the field devices to thereby control theoperation of the process plant.

Information from the field devices and the controller is usually madeavailable over a data highway to one or more other hardware devices,such as operator workstations, personal computers, data historians,report generators, centralized databases, etc., typically placed incontrol rooms or other locations away from the harsher plantenvironment. These hardware devices run applications that may, forexample, enable an operator to perform functions with respect to theprocess, such as changing settings of the process control routine,modifying the operation of the control modules within the controllers orthe field devices, viewing the current state of the process, viewingalarms generated by field devices and controllers, simulating theoperation of the process for the purpose of training personnel ortesting the process control software, keeping and updating aconfiguration database, etc.

As an example, the DeltaV™ control system, sold by Fisher RosemountSystems, Inc. includes multiple applications stored within and executedby different devices located at diverse places within a process plant. Aconfiguration application, which resides in one or more operatorworkstations, enables users to create or change process control modulesand download these process control modules via a data highway todedicated distributed controllers. Typically, these control modules aremade up of communicatively interconnected function blocks, which areobjects in an object oriented programming protocol that performfunctions within the control scheme based on inputs thereto and thatprovide outputs to other function blocks within the control scheme. Theconfiguration application may also allow a configuration designer tocreate or change operator interfaces which are used by a viewingapplication to display data to an operator and to enable the operator tochange settings, such as set points, within the process controlroutines. Each dedicated controller and, in some cases, field devices,stores and executes a controller application that runs the controlmodules assigned and downloaded thereto to implement actual processcontrol functionality. The viewing applications, which may be run on oneor more operator workstations, receive data from the controllerapplication via the data highway and display this data to processcontrol system designers, operators, or users using the user interfaces,and may provide any of a number of different views, such as anoperator's view, an engineer's view, a technician's view, etc. A datahistorian application is typically stored in and executed by a datahistorian device that collects and stores some or all of the dataprovided across the data highway while a configuration databaseapplication may run in a still further computer attached to the datahighway to store the current process control routine configuration anddata associated therewith. Alternatively, the configuration database maybe located in the same workstation as the configuration application.

Presently, configuration applications may include a library of templateobjects, such as function block template objects and, in some cases,control module template objects. These configuration applications areused to configure a control strategy for a process plant. The templateobjects all have default properties, settings and methods associatedtherewith and the engineer using the configuration application canselect these template objects and essentially place copies of theselected template objects into a configuration screen to develop acontrol module. During the process of selecting and placing the templateobjects into the configuration screen, the engineer interconnects theinputs and outputs of these objects and changes their parameters, names,tags and other properties to create a specific control module for aspecific use in the process plant. After creating one or more suchcontrol modules, the engineer can then instantiate the control moduleand download it to the appropriate controller or controllers and fielddevices for execution during operation of the process plant.

Thereafter, the engineer generally creates one or more displays foroperators, maintenance personnel, etc. within the process plant byselecting and building display objects in a display creationapplication. These displays are typically implemented on a system widebasis in one or more of the workstations and provide preconfigureddisplays to the operator or maintenance persons regarding the operatingstate of the control system or the devices within the plant. Typically,these displays take the form of alarming displays that receive anddisplay alarms generated by controllers or devices within the processplant, control displays indicating the operating state of thecontrollers and other devices within the process plant, maintenancedisplays indicating the functioning state of the devices within theprocess plant, etc. These displays are generally preconfigured todisplay, in known manners, information or data received from the processcontrol modules or the devices within the process plant. In some knownsystems, displays are created through the use of objects that have agraphic associated with a physical or logical element and that iscommunicatively tied to the physical or logical element to receive dataabout the physical or logical element. The object may change the graphicon the display screen based on the received data to illustrate, forexample, that a tank is half full, to illustrate the flow measured by aflow sensor, etc.

Similar to the control configuration application, a display creationapplication has template graphical display items, such as tanks, valves,sensors, operator control buttons like slide bars, on/off switches, etc.which may be placed on a screen in any desired configuration to createan operator display, maintenance display and the like. When placed ontothe screen, individual graphic items may be interconnected on the screenin a manner that provides some information or display of theinner-workings of the process plant to different users. However, toanimate the graphic display, the display creator must manually tie eachof the graphical items to data generated within the process plant, suchas data measured by sensors or indicative of valve positions, etc. byspecifying a communication link between the graphic item and therelevant data source within the process plant. This process is tedious,time consuming and maybe fraught with error.

While the control template objects within the control configurationapplication and the display items within the display creationapplication are convenient because they can be copied and used to createmany different control modules and graphical displays, there is often aneed to create numerous of the same control module and graphical displayfor different equipment within the process plant. For example, manymedium to large sized process plants have numerous instances of the sameor similar equipment that can be controlled and viewed using the samebasic general control module and display. To create these numerouscontrol modules and displays, however, a general control module ordisplay module is created and this general control or display module isthen copied for each of the different pieces of equipment for which itis applicable. Of course, after being copied, each of the new control ordisplay modules must be manually altered in the configurationapplication to specify the particular equipment to which it is attachedand all of these control and display modules must then be instantiatedand downloaded to the process control system.

Unfortunately, the control modules and displays items discussed aboveare not modular in any manner. Thus, after being copied, each of thecontrol modules and displays must be manually and individually alteredusing the appropriate configuration application to specify the equipmentwithin the plant to which they are to be associated. In a plant havingmany copies of the same type of equipment (i.e., replicated equipment),this process is tedious, time consuming and fraught with operatorintroduced errors. Still further, once programmed, these differentcontrol modules and displays are not aware of each other. Therefore, tomake a change to the control modules once created, the engineer oroperator must manually make the same change to each of the differentcontrol modules for the different replicated equipment which, again, istime consuming and tedious. The same problem applies for the graphicalviews created for the different sets of replicated equipment within theplant. In other words, once a specific control module or a specificgraphical view is created (individually or by being copied from atemplate object) and is then tied to a particular set of equipmentwithin the plant, this control module or graphical view exists as aseparate entity or object within the system without any automaticawareness of the other control modules or graphical displays that arethe same or similar to it. As a result, changes applicable to every oneof the control modules and graphical displays of a particular type mustbe made individually on those modules and displays.

Still further, because each control module and display is an individualobject, it must be open, in the sense that all of its internalparameters, views, function blocks, and other elements must be madeavailable to any user to be changed, viewed, etc. Currently, there is nomanner of controlling what certain operators or other users may see orhave access to in these control modules and displays and, thus, there isno ability to hide certain elements of these control modules anddisplays, such as proprietary software and methods, alarming activities,etc. from the user of the control modules and displays.

SUMMARY

A configuration system uses process plant items that may represent, orbe capable of representing, entities in a process plant to assist inconfiguring, organizing, and changing the control and display activitieswithin the process plant. Access to the items may be controlled byassociating access control data with the items. The configuration systemmay also use objects that represent, or may be capable of representing,one or more steps to be performed by entities in the process plant.Access to these objects may be controlled by associating access controldata with the objects. The access control data may indicate whetherusers or certain users may be able to, for example, view or modify allor some data associated with the process plant items or the objects. Theprocess plant items may comprise, for example, module class objectswhich may be capable of generically representing process entities of theprocess plant, module objects which may be capable of specificallyrepresenting process entities of the process plant, composite templates,module templates, etc. The objects that represent, or may be capable ofrepresenting, one or more steps to be performed by entities in theprocess plant may comprise, for example, phase classes or unit phases.

Configuration systems, viewing systems, debugging systems, run-timemonitoring systems, asset management systems, etc., may examine theaccess control data associated with an item, group of items, object,group of objects, etc., to determine if access to data associated withthe item or object is to be limited. Also, protected data could be, forexample, encrypted to prevent a configuration system, a viewing system,a debugging system, a run-time monitoring system, an asset managementsystem, etc., from viewing the protected data.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a distributed process control networklocated within a process plant, including an operator workstation thatimplements a configuration application that uses module class objects toconfigure control and display activities for the process plant;

FIG. 2 is a diagram of a reactor unit of FIG. 1;

FIG. 3 is a diagram of a totalizer equipment entity used in the reactorunit of FIG. 2;

FIG. 4 is a diagram of an outlet valve system used in the reactor unitof FIG. 2;

FIG. 5 is a logical diagram illustrating the interrelationships betweenmodule class objects and associated module objects for unit, equipment,control and display types of module class objects;

FIG. 6 is a logical diagram of reactor unit module class object, whichcan be used to perform configuration activities for reactors within theplant of FIG. 1;

FIG. 7 is a logical diagram of a totalizer equipment module classobject, which can be used to perform configuration activities fortotalizers within the plant of FIG. 1;

FIG. 8 is a depiction of a first configuration screen which may be usedby a configuration operator to configure a process plant using moduleclass objects;

FIG. 9 is a depiction of a second configuration screen which may be usedby a configuration operator to configure a process plant using moduleclass objects;

FIG. 10 is a depiction of a third configuration screen which may be usedby a configuration operator to configure a process plant using moduleclass objects;

FIG. 11 is a depiction of a fourth configuration screen which may beused by a configuration operator to configure a process plant usingmodule class objects;

FIG. 12 is a depiction of a fifth configuration screen which may be usedby a configuration operator to configure a process plant using moduleclass objects;

FIG. 13 is a depiction of a sixth configuration screen which may be usedby a configuration operator to configure a process plant using moduleclass objects;

FIG. 14 is a depiction of a seventh configuration screen which may beused by a configuration operator to configure a process plant usingmodule class objects;

FIG. 15 is a depiction of an eighth configuration screen which may beused by a configuration operator to configure a process plant usingmodule class objects; and

FIG. 16 is a depiction of a ninth configuration screen which may be usedby a configuration operator to configure a process plant using moduleclass objects;

FIG. 17 is a flow diagram of an example routine for configuring aprocess plant item to limit access to the item;

FIG. 18A is an example screen display showing sub-elements, includingfunction blocks, of a composite template;

FIG. 18B is an example screen display showing sub-elements of thecomposite template of FIG. 18A, but in which the function blocksub-elements are hidden;

FIG. 19 is a flow diagram of an example routine for configuring a groupof process plant items to limit access to the group;

FIG. 20 is a flow diagram of an example routine for determining whetherto permit viewing of data associated with a process plant;

FIG. 21 is a flow diagram of an example routine for determining whetherto permit modification of a process plant item or a group of processplant items;

FIG. 22 is a flow diagram of an example routine for exporting a processplant item;

FIG. 23 is a block diagram of an example configuration system that maybe used to provide version control and audit trail informationassociated with a process plant;

FIG. 24 is a flow diagram of an example routine for facilitating thetracking of versions of a process plant item;

FIG. 25 is a flow diagram of an example routine for facilitating thetracking of versions of process plant items;

FIG. 26 is a flow diagram of an example routine for facilitating theconfiguration of a process plant item;

FIG. 27 is a flow diagram of an example routine for facilitating theconfiguration of process plant items;

FIG. 28 is an example screen display of a user interface for configuringa module class object;

FIG. 29 is another example screen display of a user interface forconfiguring a module class object;

FIG. 30 is an example screen display of a user interface for debugging amodule object in which data associated with the module object is nothidden; and

FIG. 31 is the example screen display of FIG. 30 but in which dataassociated with the module object is hidden.

DETAILED DESCRIPTION

Referring now to FIG. 1, a process plant 10 includes one or more processcontrollers 12 coupled to numerous workstations 14 via, for example, anEthernet connection or bus 15. The controllers 12 are also coupled todevices or equipment within the process plant 10 via sets ofcommunication lines or buses 18, with only the set of communicationlines 18 connected to the controller 12 a being illustrated in FIG. 1.The controllers 12, which may be implemented by way of example onlyusing the DeltaV™ controller sold by Fisher-Rosemount Systems, Inc., arecapable of communicating with control elements, such as field devicesand function blocks within field devices distributed throughout theprocess plant 10 to perform one or more process control routines 19 tothereby implement desired control of the process plant 10. Theworkstations 14 (which may be, for example, personal computers) may beused by one or more configuration engineers to design the processcontrol routines 19 to be executed by the controllers 12 and displayroutines to be executed by the workstations 14 or other computers, andto communicate with the controllers 12 so as to download such processcontrol routines 19 to the controllers 12. Furthermore, the workstations14 may execute display routines that receive and display informationpertaining to the process plant 10 or elements thereof during operationof the process plant 10.

Each of the workstations 14 includes a memory 20 for storingapplications, such as configuration design applications and display orviewing applications, and for storing data, such as configuration datapertaining to the configuration of the process plant 10. Each of theworkstations 14 also includes a processor 21 that executes theapplications to enable a configuration engineer to design processcontrol routines and other routines and to download these processcontrol routines to the controllers 12 or to other computers or tocollect and display information to a user during operation of theprocess plant 10.

Still further, each of the controllers 12 includes a memory 22 thatstores control and communication applications and a processor 24 thatexecutes the control and communication applications in any known manner.In one case, each of the controllers 12 stores and executes a controllerapplication that implements a control strategy using a number ofdifferent, independently executed, control modules or blocks 19. Thecontrol modules 19 may each be made up of what are commonly referred toas function blocks wherein each function block is a part or a subroutineof an overall control routine and operates in conjunction with otherfunction blocks (via communications called links) to implement processcontrol loops within the process plant 10. As is well known, functionblocks, which may be objects in an object oriented programming protocol,typically perform one of an input function, such as that associated witha transmitter, a sensor or other process parameter measurement device, acontrol function, such as that associated with a control routine thatperforms PID, fuzzy logic, etc. control, or an output function whichcontrols the operation of some device, such as a valve, to perform somephysical function within the process plant 10. Of course hybrid andother types of complex function blocks exist such as model predictivecontrollers (MPCs), optimizers, etc. While the Fieldbus protocol and theDeltaV™ system protocol use control modules and function blocks designedand implemented in an object oriented programming protocol, the controlmodules could be designed using any desired control programming schemeincluding, for example, sequential function block, ladder logic, etc.and are not limited to being designed using function block or any otherparticular programming technique.

The workstations 14 may provide a graphical depiction of the processcontrol routines 19 within the controllers 12 to a user via a displayscreen illustrating the control elements within the process controlroutines 19 and the manner in which these control elements areconfigured to provide control of the process plant 10. In the system ofFIG. 1, a configuration database 25 is connected to the Ethernet bus 15to store configuration data used by the controllers 12 and theworkstations 14 as well as to serve as a data historian by collectingand storing data generated in the process plant 10 for future use.

In the process plant 10 illustrated in FIG. 1, the controller 12 a iscommunicatively connected via the bus 18 to three sets of similarlyconfigured reactors (which are replicated equipment within the plant 10)referred to herein as Reactor_01, Reactor_02 and Reactor_03. Reactor_01includes a reactor vessel or tank 100, three input valve systems (whichare equipment entities) 101, 102 and 103 connected so as to controlfluid inlet lines providing acid, alkali and water, respectively, intothe reactor vessel 100 and an outlet valve system 104 connected so as tocontrol fluid flow out of the reactor vessel 100. A sensor 105, whichcan be any desired type of sensor, such as a level sensor, a temperaturesensor, a pressure sensor, etc., is disposed in or near the reactorvessel 100. For the purpose of this discussion, the sensor 105 isassumed to be a level sensor. Moreover, a shared header valve system 110is connected on the water line upstream of each of the reactorsReactor_01, Reactor_02 and Reactor_03 to provide a master control forcontrolling the flow of water to each of those reactors.

Similarly, Reactor_02 includes a reactor vessel 200, three input valvesystems 201, 202 and 203, an outlet valve system 204 and a level sensor205 while Reactor_03 includes a reactor vessel 300, three input valvesystems 301, 302 and 303, an outlet valve system 304 and a level sensor305. In the example of FIG. 1, the reactors Reactor_01, Reactor_02 andReactor_03 may produce salt with the input valve systems 101, 201 and301 providing acid, the input valve systems 102, 202 and 302 providingalkali and the input valve systems 103, 203 and 303, in conjunction withthe shared water header 110, providing water to the reactor vessel 100.The outlet valve systems 104, 204 and 304 may be operated to sendproduct out of a flow line directed to the right in FIG. 1 and to drainwaste or other unwanted material out of a flow line directed to thebottom in FIG. 1.

The controller 12 a is communicatively coupled to the valve systems101-104, 110, 201-204 and 301-304 and to the sensors 105, 205 and 305via the bus 18 to control the operation of these elements to perform oneor more operations with respect to the reactor units, Reactor-01,Reactor_02 and Reactor_03. Such operations, generally called phases, mayinclude, for example, filling the reactor vessels 100, 200, 300, heatingthe material within the reactor vessels 100, 200, 300, dumping thereactor vessels 100, 200, 300, cleaning the reactor vessels 100, 200,300, etc.

The valves, sensors and other equipment illustrated in FIG. 1 may be anydesired kinds or types of equipment including, for example, Fieldbusdevices, standard 4-20 ma devices, HART devices, etc. and maycommunicate with the controller 12 using any known or desiredcommunication protocol such as the Fieldbus protocol, the HART protocol,the 4-20 ma analog protocol, etc. Still further, other types of devicesmay be connected to and be controlled by the controllers 12 inaccordance with the principles discussed herein. Also, other numbers andtypes of controllers may be connected within the plant 10 to controlother devices or areas associated with the process plant 10 and theoperation of such additional controllers may be coordinated with theoperation of the controller 12 a illustrated in FIG. 1 in any desiredmanner.

Generally speaking, the process plant 10 of FIG. 1 may be used toimplement batch processes in which, for example, one of the workstations14 or the controller 12 a executes a batch executive routine, which is ahigh level control routine that directs the operation of one or more ofthe reactor units (as well as other equipment) to perform a series ofdifferent steps (commonly referred to as phases) needed to produce aproduct, such as a particular type of salt. To implement differentphases, the batch executive routine uses what is commonly referred to asa recipe which specifies the steps to be performed, the amounts andtimes associated with the steps and the order of the steps. Steps forone recipe might include, for example, filling a reactor vessel with theappropriate materials or ingredients, mixing the materials within thereactor vessel, heating the materials within the reactor vessel to acertain temperature for a certain amount of time; emptying the reactorvessel and then cleaning the reactor vessel to prepare for the nextbatch run. Each of the steps defines a phase of the batch run and thebatch executive routine within the controller 12 a will execute adifferent control algorithm for each one of these phases. Of course, thespecific materials, amounts of materials, heating temperatures, times,etc. may be different for different recipes and, consequently, theseparameters may change from batch run to batch run depending on theproduct being manufactured or produced and the recipe being used. Thoseskilled in the art will understand that, while control routines andconfigurations are described herein for batch runs in the reactorsillustrated in FIG. 1, control routines may be used to control otherdesired devices to perform any other desired batch process runs or toperform continuous process runs, if so desired.

As will also be understood, the same phases or steps of a batch processcan be implemented on each of the different reactor units of FIG. 1 atthe same or at different times. Furthermore, because the reactor unitsof FIG. 1 generally include the same number of and types of equipment,the same generic phase control routine for a particular phase may beused to control each of the different reactor units, except that thisgeneric phase control routine has to be modified to control thedifferent hardware or equipment associated with the different reactorunits. For example, to implement a fill phase for Reactor_01 (whereinthe reactor unit is filled), a fill control routine will open one ormore valves associated with the input valve systems 101, 102 and 103 fora certain amount of time, for example, until the level meter 105 sensesthat the vessel 100 is full. However, this same control routine may beused to implement a fill phase for Reactor_02 by merely changing thedesignation of the input valve(s) to be those associated with the valvesystems 201, 202 and 203 instead of the valve systems 101, 102 and 103and by changing the designation of the level meter to be the level meter205 instead of the level meter 105.

FIG. 2 illustrates one of the reactors of FIG. 1, in particular theReactor_01, in more detail. As similarly illustrated in FIG. 1,Reactor_01 of FIG. 2 includes the reactor tank 100, the input valvessystems 101, 102, 103 and 110 for the input of acid, alkali and waterinto the tank 100, the outlet valve system 104 for removing materialfrom the tank 100 and the level sensor 105. As further illustrated inFIG. 2, each of the input valve systems 101, 102 and 110 uses a similarequipment entity, referred to as a totalizer, which includes two valvesdisposed in parallel with one another and a flow measurement devicedisposed downstream of the two valves. The totalizer for the input valvesystem 101, which is illustrated in more detail in FIG. 3, includes anon/off type valve named coarse valve 101 a, an on/off type valve namedfine valve 101 b and a flow meter 101 c disposed downstream of thevalves 101 a and 101 b. The totalizer 101 has one or more controlmodules or routines associated therewith that are used to control theinput of the acid using the measurements made by the flow meter 101 c. Afirst such control routine may perform fast flow control through thetotalizer 101 using the coarse valve 101 a and the fine valve 101 bwhile a second such control routine may perform accurate flow controlthrough the totalizer 101 using the coarse valve 101 a and the finevalve 101 b.

As will be understood from FIG. 2, the alkali input valve system 102includes a totalizer having a coarse valve 102 a, a fine valve 102 b,and a flow meter 102 c and the shared water input valve system 110includes a coarse valve 110 a, a fine valve 110 b, and a flow meter 110c. Each of the totalizers 101, 102, and 110 has the same type ofreplicated equipment therein although they are used in different placeson the same unit, i.e., the Reactor_01 unit. Likewise, Reactor_02 andReactor_03 also include totalizes at the input valve systems 201, 202,301 and 302.

Similarly, the outlet valve system 104 is another piece of replicatedequipment including three valves. As best illustrated in FIG. 4, theoutlet valve system 104 includes a main outlet valve 104 a which must beopened for any material to be released from the tank 100, a productvalve 104 b which must be opened in conjunction with the main outletvalve 104 a to deliver product from the tank 100, and a drain valve 104c which must be opened in conjunction with the main outlet valve 104 ato drain material, such as waste product, cleaning fluids, etc. from thetank 100 into a drainage or refuge system. Of course, one or morecontrol routines are associated with the outlet valve system 104 tocontrol the states of the valves 104 a, 104 b and 104 c to close thetank 100, to drain the tank 100 or to empty product from the tank 100.

In the past, to produce a control routine for controlling the differentequipment associated with the reactors Reactor_01, Reactor_02 andReactor_03 of FIG. 1, a configuration engineer may have first created anumber of template control modules which were generic in nature andwhich were stored in a library in, for example, one of the workstations14. To create a template control module, the engineer graphicallyconnected together different control function blocks to provide acontrol routine for different elements or loops executed on the reactor.Once the generic template control modules were created, typically on avalve or a control loop basis, these template control modules could becopied and the copies of the template control modules could be manuallybound to particular equipment within the plant 10, e.g., to a particularequipment within the reactors, Reactor_01, Reactor_02 and Reactor_03.Once bound, either directly or using alias names, as more specificallydescribed in U.S. Pat. No. 6,385,496, the bound copies of the controlmodules were downloaded to one or more controllers 12 and were used toperform process control activities on the reactors to which they werebound. However, the bound control modules created from the templatecontrol modules had no reference or relationship to the template modulefrom which they were created and were, in effect, stand-alone controlmodules or objects when used in the process control system.

Also, in these systems, configuration had to be performed at a controlmodule level, meaning that a separate control module had to be createdfor each of the different pieces of equipment or loops within theprocess plant. At the control module level, there are typically numerousdifferent types of control modules which must be created for and boundto each of the process entities within the process plant. As a result,the configuration engineer spent a great deal of time simply copying andbinding individual control modules to individual pieces of equipmentwithin the plant. For example, a configuration engineer may have had tocreate and copy dozens of control modules for a reactor unit in theplant and then bind each of these control modules to particularequipment within that reactor unit. When the reactor unit was replicatedin the plant, the configuration engineer's task became much more tediousbecause the configuration engineer had to perform this copying andbinding process for dozens of control modules for each of the replicatedequipment, which was time consuming and fraught with human introducederrors.

While, in the past, a configuration engineer could develop a unitmodule, these unit modules were merely containers for the phases thatcould be run on a unit and did not include equipment indicationsassociated with the unit or control schemes used to control basicoperations of the equipment within the units. Also, while templatescould be created for control elements used to control differentequipment, there were no packages of control modules that could be usedto indicate higher level replicated entities within the plant, such asequipment and unit entities. In other words, to create control routinesfor different replicated entities within the process plant 10, theconfiguration engineer had to copy control modules for each of thereplicated pieces of equipment at the lowest level of control and tailoreach one of these control modules to a specific or particular piece ofequipment or other entity within the process plant 10. In large plantswith a lot of replicated equipment, this task could be time consumingand fraught with configuration errors. Still further, changes to acontrol module associated with replicated equipment had to be mademanually to each of the different control modules for the differentequipment, which was also tedious, time consuming and fraught withoperator introduced errors. Likewise, displays for the operator had tobe created separate and apart from the control modules and, similar tothe control modules, the displays had to be individually created,modified and tied to the equipment within the process plant.

To make the creation and changing of a process configuration easier andless time consuming, a configuration application 50 stored in one of theworkstations 14 of FIG. 1 includes a set of module class objects 52 foruse in configuring the process control plant 10. The module classobjects are especially useful when configuring a plant with numeroussets of replicated equipment. Generally speaking, a different moduleclass object 52 can be created for each different type of physical unitor equipment that is replicated or used within the process plant 10, foreach type of control activity that is replicated or used within theprocess plant 10, for each different type of display application that isreplicated or used in the process plant 10, etc. Once created, themodule class objects 52 can be used to configure elements of the processplant 10 that correspond to module class objects.

The module class objects 52, which are essentially generic versions ofprocess entities and are not tied to any particular process entity, canhave lower-level objects or instances 53, 54, 55 and 56 (referred toherein as module objects or module blocks) associated therewith. Eachmodule object is created from a module class object and inherits thesame structure and properties as the module class object from which itwas created. However, each module object is tied to a particular entitywithin the process plant 10. Thus, a single module class object 52 maybe created to represent a particular type of reactor unit (no matter howmany of those reactor units are present within the plant 10), while adifferent module object 53 may exist or be created for each of thedifferent reactor units of that type actually present within the plant10.

The module objects created from a module class object are associatedwith and owned by the module class object. As a result, changes made tothe module class object can be automatically reflected in or propagatedto each of the module objects associated with that module class object.Therefore, when a number of module objects have been created from aparticular module class object, with each of the different moduleobjects tied to different process entities, each of the different moduleobjects can be changed by simply changing the module class object andhaving the changes automatically propagated down to the associatedmodule objects.

Similarly, once the module objects have been created from a module classobject, these module objects can be bound to particular equipment withinthe process plant 10 using a bulk editing method. In particular, becausethe module objects of a particular module class object are all coupledto or owned by the same module class object, they may all be configuredtogether using, for example, a spreadsheet type application, which makesspecification of the particular relationships between the module objectsand the particular equipment in the plant 10 associated with thosemodule objects easier and less time consuming.

The module class objects 52 of FIG. 1 may be what are commonly referredto as objects in an object oriented programming environment or language.As a result, these objects have the ability to own or to refer to otherobjects. Generally speaking, the module class objects 52 are high levelobjects which can include indications or definitions of individualelements such as control routines, equipment or other elementsassociated with a process entity along with a definition or indicationof the manner in which those individual elements interact with oneanother, such as the way in which physical elements are interconnectedor the way in which logical elements operate in conjunction with thephysical elements. In other words, a module class object may be anobject within, for example, an object oriented programming language,that provides the basis for control and viewing of a particular piece ofor group of equipment, a control element, a display, etc. within theprocess plant 10 and may be useful for creating many instances of thatelement to be used to configure different replicated equipment withinthe process control plant 10.

Basically, each module class object is a configuration containerincluding a generic definition of a process entity in the form of all ofthe different control and/or display applications or routines that areapplicable to that entity to be used by the controllers 12 to controlthat entity or by the workstations 14 to perform display activities withrespect to that entity. The module class object may represent a processentity of any nature, such as a unit, a piece of equipment, a controlentity, a display application, etc. During the configuration of theprocess plant 10, the module class object may be used to createconfiguration instances of the process entity for any number ofdifferent process entities that conform to the definition provided bythe module class object, with each configuration instance (the moduleobject created from the module class object) being associated with ortied to a different actual process entity. These different moduleobjects include, among other things, control routines and/or displayroutines bound to particular process entities as disposed within theprocess plant 10, with these control routines being able to bedownloaded and used within the controllers 12 of FIG. 1 to performactual control activities on the process entities and with the displayroutines being able to be downloaded to workstations 14 to performactual display activities with respect to the entities during operationof the process plant 10.

Different types of module class objects may reflect process entities ofdifferent scopes and, therefore, contain control and/or display routinesconfigured to operate on or with respect to process entities ofdifferent scope. The larger the scope of the process entity, such as aunit, the more control and/or display routines will typically beassociated with the module class object and the easier it is toconfigure sections of the plant using those module class objects.However, the larger the scope of the process entity associated with amodule class object, the less likely that the process will includereplicated equipment at that scope and, thus, the less likely the moduleclass object is to be useful on a large scale. Conversely, the lower thescope of the process entity associated with a module class object, themore likely the module class object is able to be used in variousdifferent locations of the plant, but the less amount of configurationis performed when using that module class object in any particularinstance. In any event, the module class objects enable configuration tobe performed for different replicated equipment at higher levels ofabstraction than at the control module level, which makes configuring aprocess plant with replicated units and other equipment easier and lesstime consuming when using module class objects, especially module classobjects of a large scope, such as at the unit level.

In one example, when configuring a process control system, aconfiguration engineer may create a single module class object for thedifferent elements replicated within the process plant, such as for thedifferent reactors of FIG. 1. Thereafter, the configuration engineer maycreate instances of the module class object (module objects) for each ofthe actual reactors of FIG. 1. Each such created module object willinclude control routines used by the controller 12 a to operate one ofthe reactors of FIG. 1 and is specifically tied to or bound to theequipment within the one of the reactors of FIG. 1. These controlroutines can then be downloaded to the controller 12 a and used duringoperation of the process plant 10. However, once created, each of themodule objects is still tied to the module class object and can becontrolled by the module class object to be changed, to provide orreject access to the module object, etc. Likewise, module objects fromthe same module class object can be created and defined together, e.g.,can be bound to equipment within the plant using a spreadsheet program.

While there are many different possible types of module class objectsthat can be created or used within a process plant to performconfiguration activities within the process plant, four specific typesdiscussed herein as examples include unit module class objects,equipment module class objects, control module class objects and displaymodule class objects. Generally speaking, each different type of moduleclass object is designed or intended for a different scope of control oruse within the process plant 10. A unit module class object is intendedto be used to represent (and to configure) control activities for abroad scope of equipment within a process plant. In particular, a unitmodule class object is intended to model or be used to configure aninter-related set of equipment (typically replicated equipment) such as,for example, the reactors of FIG. 1, having individual elements thatwork in concert with one another in some known manner.

An equipment module class object is intended to be used to represent(and to configure) control activities for a less broad scope of physicalequipment within the process plant. The equipment associated with anequipment module class object is generally one or more physicalentities, such as valves, flow meters, etc. that make up a subsystem ofa unit and the equipment module class object may include one or morecommands or algorithms, which may be command driven algorithms (CDAs),state driven algorithms (SDAs), sequential flow chart (SFC) algorithms,function block diagram (FBD) algorithms, phase algorithms, etc., to beperformed on the piece of equipment. Thus, an equipment module classobject is aimed at configuring the control of multiple low levelcomponents or entities within a unit to provide a basic set of functionson that equipment as used within the unit. As is known, a command drivenalgorithm (command driven control logic) is used when the low levelcomponents must be coordinated through multiple steps to accomplish afunction. For example, a valve may need to be opened for a particularamount of time and then closed while another valve is opened and thenclosed. The totalizer 101 of FIG. 3 uses this type of command drivenalgorithm to first initiate and then manipulate the coarse valve and thefine valve based on the readings of the flow meter to provide thedesired total flow through the totalizer. A state driven algorithm(state driven control logic) may specify the states of differentlow-level components which can be manipulated in a single step. Such astate driven algorithm might be used in the outlet valve system 104 ofFIG. 4 in which the states of the different valves therein arecontrolled differently (but in a single step) based on the desired stateof the outlet valve system 104 to close the tank 100, to drain the tank100 or to deliver product from the tank 100.

A control module class object is intended to be used to represent (andto configure) individual control elements or control modules within theprocess plant. A control module class object provides or specifies aparticular type of control to be performed on a plant entity, such as avalve, meter, etc., a piece of equipment or even on a unit. Generallyspeaking, a control module class object provides a particular type ofcontrol programming, such as a set of communicatively interconnectedfunction blocks defining some control module to be executed in acontroller, useful to perform replicated control activities within aprocess plant. In most cases, a control module class object may providea generic control strategy to manipulate a single device or a relatedset of devices.

A display module class object is intended to be used to represent (andto configure) display activities to be viewed by a user, such as to acontrol operator, during operation of the process plant 10. Thus, adisplay module class object may specify the programming needed togenerate a display of a certain type within an operator workstation 14of FIG. 1 and the programming needed to be run in one or more of theworkstations 14 (as well as any other devices within the process plant10) to enable that display to obtain the proper information from theplant during operation of the plant 10. Types of display class modulesinclude, for example, alarm displays, configuration viewing displays,operation viewing displays, diagnostic displays, etc. Of course adisplay module class object may provide a display representing or tiedto any desired scope of physical elements or entities within a processplant. For example, a display module class object may displayinformation about an entire area, a unit, a piece of equipment, acontrol element, or any combination of these elements within the processplant 10.

Referring to FIG. 5, a hierarchical graph illustrates theinterconnections between the different types of module class objectsused in the configuration application 50 of FIG. 1 and theinterrelationship between module class objects and module objectsdeveloped from those module class objects. Starting at the top of thegraph of FIG. 5, module class objects are separated by module class typeinto one of a unit module class type 400, an equipment module class type402, a control module class type 404 and a display module class type406. Of course, other types of module class objects may be provided orused as well, with the four types illustrated herein being merelyexemplary module class types. Individual module class objects (which maybe high level objects in, for example, an object oriented programminglanguage, and are represented in FIG. 5 with a double outline for thesake of clarity) fall under each of the different types of moduleclasses 400, 402, 404 and 406. In particular, there may be numerousdifferent unit module class objects for different units or types ofunits within the process plant 10. For example, a reactor unit classmodule object 410 may represent a particular type or configuration of areactor within the process plant 10. Likewise, a packager unit moduleclass object 412 may represent a particular type or configuration of apackaging unit within the process plant 10 and a dryer unit class moduleobject 414 may represent a particular type or configuration of a dryerunit within the process plant 10. Of course, there may be more than onereactor unit module class object to represent reactors that aredifferent from one another in physical makeup. Further, no attempt isbeing made to list all of the different types of units within a plantthat can be represented or modeled with a unit module class object, andone of ordinary skill in the art will realize that there are manydifferent types of units in different types of plants that may bemodeled or represented with unit module class objects.

Similarly, there may be many different equipment module class objectsused to represent, model and configure different types of equipmentwithin the process plant 10. Examples illustrated in FIG. 5 include atotalizer equipment module class object 416 and an outlet valveequipment module class object 418, each of is associated with differenttypes of equipment (and preferably replicated equipment) within theprocess plant 10. In the same manner, there may be many different typesof control module class objects, illustrated in FIG. 5 as an on/offvalve control module class object 422, a level sensor control moduleclass object 424, and a flow meter control module class object 426.Moreover, display module class objects are illustrated in FIG. 5 as analarm display module class object 432, a viewing display module classobject 434 and a diagnostic display module class object 436. Of course,any other desired unit, equipment, control and display module classobjects may be created and used within the configuration application 50of the process plant 10 according to the principles described herein.

Each module class object may have sub-objects associated therewith orowned thereby. These sub-objects may be module class objects inthemselves or, as illustrated in FIG. 5, may be module objects which arecreated as instances of the module class objects to which they belong.FIG. 5 illustrates that the reactor unit module class object 410 hasthree reactor module objects named Reactor_01, Reactor_02 and Reactor_03associated therewith, with these reactor module objects corresponding to(i.e., bound to) the respective reactors of FIG. 1. FIG. 5 alsoillustrates the totalizer equipment module class object 416 as having orowning five different module objects named Water1, Acid1 Acid2, Alkali1and Alkali2. Likewise, the on/off valve control module class object 422is illustrated as including module objects named Coarse_Valve1,Coarse_Valve2, Coarse_Valve3, Fine_Valve1, Fine_Valve2 and Fine_Valve3.In a similar manner, each of the other unit, equipment, control anddisplay module class objects of FIG. 5 may have one or more moduleobjects associated therewith. However, for the sake of simplicity, thesemodule objects are not illustrated in FIG. 5.

In the graph of FIG. 5, each of the Reactor_01, Reactor_02, andReactor_03 unit module objects, the Acid1, Acid2, Alkali1, Alkali2 andWater1 totalizer (equipment) module objects, the Coarse_Valve1,Coarse_Valve2, Coarse_Valve3, Fine_Valve1, Fine_Valve2 and Fine_Valve3control module objects and the other unit, equipment, control anddisplay module objects are individual objects tied to actual units,equipment, control modules or display applications within the processplant 10. For example, because there are multiple physical acidtotalizers used in the plant 10, there will be multiple acid totalizermodule objects created in the configuration routine, with a separateacid totalizer module object existing for each of the individual acidtotalizers that exists within the plant 10. However, each of theseparate totalizer module objects is tied to or is owned by the sametotalizer module class object 416. Of course, the graph of FIG. 5illustrates only a limited number of module class objects and moduleobjects associated therewith, and it will be understood that other typesof module class objects may be provided and that any desired number ofmodule objects may be created from each of the different module classobjects.

Each of the module class objects of FIG. 5 (and therefore each of themodule objects of FIG. 5) may include, as part of the object, adefinition or indication of the physical or logical process elementsthat define or make up the module and, if desired, the manner in whichthose process elements interact either physically or logically with oneanother to perform some activity within the process plant 10. Forexample, unit module class objects will typically include an indicationof all of the physical and control elements within or making up theprocess entity being defined as the unit. The unit module class objectmay also define the particular makeup of the individual parts and howthose parts are physically tied together to operate as a unit. Likewise,an equipment module class object will typically include the controlroutines or control modules to be used to control the entity defined asthe piece of equipment and commands which use the control routines orcontrol modules to define the manner in which the parts interact eitherphysically or logically, to operate as a piece of equipment whendisposed within the plant 10. Similarly, each control module classobject will define a control activity, typically in the form of acontrol algorithm of some sort, to be performed within the plant. Also,each display module class object may define, among other things, adisplay screen configuration and the information to be displayed, aswell as the data to be collected and the data manipulations to beperformed on collected data, if any, for specified types of units,equipment, areas of the plant, or any other physical or logical entitywithin the plant 10.

As part of a module class definition, a module class object may indicateor define other module class objects to be incorporated or used therein.When this is the case, the module objects created from that module classobject will incorporate, refer to or include other module objectscreated from other module class objects according to the relationshipsdefined at the module class level. Although not strictly necessary, unitmodule class objects may incorporate other unit module class objects,equipment module class objects, control module class objects and displaymodule class objects, while equipment module class objects mayincorporate other equipment module class objects, control module classobjects and display module class objects. Control module class objectsmay incorporate or refer to other control module class objects anddisplay module class objects. However, if desired, other module classobject interrelationships may be used as well. These incorporationrelationships are illustrated by the large arrows at the bottom of thegraph of FIG. 5 indicating that any of the display module class objectsmay be included in or referred to by any of the control, equipment andunit module class objects, that any of the control module class objectsmay be included in or referred to by any of the equipment and the unitmodule class objects and that any of the equipment module class objectsmay be included in or referred to by any of the unit module classobjects. It will be understood that module class objects may incorporateother module class objects of the same type. For example, a unit moduleclass object may incorporate, as part of its definition, another unitmodule class object. In a similar manner, an equipment module classobject may include another equipment module class object, a controlmodule class object may include another control module class object anda display module class object may include another display module classobject. Of course, if desired, a module class object may use orincorporate another module class object multiple times. For example, areactor unit module class object may incorporate or use the totalizerequipment module class object numerous times because the reactors beingmodeled by the reactor unit module class object include multipleinstances of totalizers.

It will also be understood that, when a first module class objectincorporates or uses a second module class object, any module objectcreated from or as an instance of the first module class object willincorporate or use a module object created from or as an instance of thesecond module class object. Thus, when the reactor unit module classobject 410 uses a totalizer module class object 416 as an element orpart thereof, the Reactor_01 module object will use or include one ofthe totalizer module objects, such as the Acid1 module object, as anelement or part thereof. Similarly, if a totalizer equipment moduleclass object incorporates or includes an outlet valve equipment moduleclass object, a module object created from the totalizer equipmentmodule class object, which will be uniquely named as, for example,Totalizer_1, will include a module object created from the outlet valveequipment module class object and uniquely named, for example,Outlet_Valve_2. In this manner, the relationships between the moduleclass objects as defined at the module class object level are reflectedin the module objects developed or created from these module classobjects. This interconnection or referencing between module classobjects (and therefore module objects) enables great variability andhigh transferability of objects during configuration activities so that,after a set of primitive module class objects, such as control andequipment module class objects, are created, more complex module classobjects, such as unit module class objects, may be easily created byreferencing the primitive module class objects. Of course, while moduleclass objects can reference or use other module class objects, they canalso or instead define or use simple objects or process entities, suchas valves, sensors, etc. which have no associated module class object.These simple objects will be fully defined in terms of the controlroutines used therefore, within the module class object itself.

An example reactor unit module class object 410 is illustrated in FIG. 6to show one manner of describing or defining the entities associatedwith or present within a unit module class object. As illustrated inFIG. 6, the reactor unit module class object 410 includes an indicationof a tank 500, which is a simple object or element within the processplant 10 for which no module class object exists. The tank 500 isillustrated in dotted lines because there is no control or low-levelactivities need to control, or perform input/output activities withrespect to the tank. As a result, the tank 500 is included merely toillustrate the interconnections between the other objects associatedwith the reactor unit module class object 410. The reactor unit moduleclass object 410 also includes three totalizers 501, 502 and 510 namedAcid, Alkali and Water, respectively, which are three differentreferences to the totalizer equipment module class object 416 of FIG. 5.The Water totalizer module class object 510 is illustrated in a sectionof the unit module class object 410 that is separated by dotted lines toindicate that this is a shared module class object and, thus, that theunit module class object 410 has shared control over this object withother unit module class objects. The outlet object 504 of FIG. 6 is areference to the outlet valve equipment module class object 418 of FIG.5, the level sensor 505 is a reference to the level sensor controlmodule class object 424 of FIG. 5 and the water_in valve 503 is areference to a valve object which may be a simple valve element (and sofully defined within the unit module class object 410) or which may be areference to a valve control module class object defined elsewhere inthe configuration strategy. The physical interconnections between thedifferent entities or parts of the reactor unit module class object 410are also illustrated for the sake of defining the interconnectionsbetween these different elements. As noted above, the unit module classobject 410 or other module class objects of any type can include simpleelements which are fully defined within the module class object(including any generic control routines associated therewith) and/or caninclude references to module class objects defined exterior to themodule class object.

The unit module class object 410 also includes two example displaymodule class objects called a reactor viewing display 520 and a reactoralarm display 522 which are references to the viewing display moduleclass object 434 and the alarm display module class object 432 of FIG.5. These objects define generic display activities for displaying thestate (e.g., the fill level of the tank) and alarms associated with anyof the equipment or parts of the reactor unit defined in the reactorunit module class object 410. Similarly, the unit module class object410 may include other elements, such as phase class objects, illustratedin the box 524 as a Dose, a Mix, a Drain and a Flush phase class object,each of which defines a generic control routine to be operated on theunit defined by the unit module class object 410. The unit module classobject can have zero or more associations to phase class objects. Thephase class objects 524 can be defined elsewhere and imported into theunit module class object 410 in any desired manner. In a sense, thephase classes 524 are commands or routines that may be operated on aunit defined by the unit module class object 410 to perform differentfunctions, such as filling the unit, heating the unit, emptying theunit, cleaning the unit, etc.

Moreover, the unit module class object 410 may include a memory orsection 526 that stores references to the module class objects which arecreated by the configuration application 50 (FIG. 1) from this unitmodule class object 410. The section 526 is essentially a list of themodule objects that were created from and that are owned by the unitmodule class object 410. (Of course this list or other indication of theowned module objects can be stored in the workstation or by theconfiguration application 50 in any desired manner and does not have tobe physically contained in the unit module class object 410). In anyevent, in the example of FIG. 6, the unit module class object 410 ownsunit module objects Reactor_01, Reactor_1, Reactor_02, etc., each ofwhich has been created from the reactor unit module class object 410.

The unit module class object 410 also includes a set of methods 530 thatcan be performed by the unit module class object 410 either during orafter the configuration activities. The methods 530 may include a changemanagement method or application that automatically propagates changesmade to the unit module class object 410 to each of the module objects526 owned by the unit module class object 410. Other methods may includesecurity control methods which perform security or access control withrespect to the unit module class object 410 and/or with respect to anyof the unit module objects 526 owned thereby or methods that enable auser or configuration engineer to specify change parameters and/orsecurity parameters for the module class object or any module objectscreated therefrom. Of course different methods 530 may perform any otherprocedure on or with respect to the unit module class object 410.

If desired, the unit module class object 410 may control the manner inwhich changes made to the module class object 410 are propagated to theunit module objects 526 as well as the manner in which security accessis set up in the unit module objects 526. One manner of providing thisfunctionality is to set one or more flags or parameters within the unitmodule class object 410 to specify the manner in which changes are to bepropagated to and security is to be handled in the unit module objects526. In particular, one or more change propagation parameters may be setto specify whether or not changes made to the unit module class object410 are to be automatically propagated to the one or more of the unitmodule objects 526. These change propagation parameters may be stored inthe unit module objects 526 and may specify for the entire unit moduleobject, or on a sub-element by sub-element basis, whether changes madeto the unit module class object are to be reflected in the unit moduleobject. For example, the unit module class object 410 may include aglobal change parameter 534 (marked “C”) which may be set in each unitmodule object created from the unit module class object 410 to enable ordisable changes made to the unit module class object 410 from beingautomatically reflected in the unit module object. Likewise, eachsub-element or block, such as the blocks 501-505, 510, 520 and 522 mayinclude a change parameter 536 specifying, for that block only, whetherchanges made to that block in the unit module class object 410 are to bereflected in the unit module object. Of course, the different blocks ofa unit module object may be set differently so that, for example,changes made to the Acid block 501 of the unit module class object 410will be propagated to the corresponding Acid block of a particular oneof the module objects 526 but so that changes made to the Alkali block502 of the unit module class object 410 will not be propagated to theAlkali block of the particular one of the unit module objects.Furthermore, the different unit module objects created from a unitmodule class object may have the change parameters set differently fromone another so that changes to the Alkali block 502 within the unitmodule class object 410 are propagated to the corresponding Alkali blockof a first one of the unit module objects 526 but not to thecorresponding Alkali block of a second one of the unit module objects526. Of course, the change management method of the unit module classobject 410 may access and use the change parameters of the unit moduleobjects 526 to make or not make a change within those objects when thechange is made in the unit module class object 410.

In a similar manner, the unit module class object 410 may include one ormore security parameters which specify the manner in which security oraccess is controlled in each of the unit module objects 526. The unitmodule class object 410 may include a global security parameter 538(marked “S”) which may provide any desired level of security to theentire reactor unit module object created from the reactor unit moduleclass object 410 and/or may include a different security parameter 540for each sub-element of the unit module class object 410, such as foreach of the blocks 501-505, 510, 520, 522, etc. which specifies a levelof security for each of those blocks on a block by block basis. Theglobal security parameter 538 may be a locking parameter that locks theunit module class object to all users except those having apreauthorized security access level. Of course, the security parameters538 and 540 may specify any one of a number of different levels ofsecurity, such as no access, limited access, access to particular typesor identities of users, etc., and the security levels may be set to bedifferent in the different blocks and in the different unit moduleobjects created from the same unit module class object. If desired, partof the security measures may include providing encryption on one or moremethods or algorithms associated with the unit module class object.

It will be understood that the change and security parameters of theunit module class object 410 may be set to a default value, and that thecorresponding change and security parameters of each unit module objects526 created from the unit module class object 410 may take on thisdefault value when created. However, the default change and securityparameters may also be individually changed (by a user with propersecurity access) in the unit module objects 526 after these unit moduleobjects are created. While the change and security parameters arediscussed herein with respect to a reactor unit module class object,similar change and security parameters may be provided in other types ofunit module class objects as well as in any desired types of equipmentmodule class objects, control module class objects, display module classobjects, etc.

If desired, the unit module class object 410 may include references,such as URLs or other references, to documentation stored for orassociated with the unit class module object, including documentationassociated with the unit or any sub-elements of the unit associated withthe unit module class object 410. Such references are illustrated inFIG. 6 as references 549.

For the sake of a further example of a module class object, a totalizerequipment module class object 416 is illustrated in FIG. 7. Thetotalizer equipment module class object 416 includes control moduleclass objects named Coarse_Valve 550, and Fine_Valve 552 (both of whichare on/off type control module class objects) and a control module classobject named Flow_Meter 554 (which is a flow meter control module classobject) along with indications of the interconnects between theseelements. Still further, the totalizer equipment module class object 416includes references to display module class objects, including to aTotalizer Alarm display module class object 560, and to one or morealgorithms 564 which may be implemented on the equipment module classobject 416. While the algorithms 564 are listed as including aTotalize_Fast command and a Totalize_Accurate command, any othercommands or algorithms may be included or used as well. Still further,the command algorithms 564 associated with or included in an equipmentmodule class object may take any desired form, and may be, for example,command driven algorithms (CDAs), state driven algorithms (SDAs),sequential flow chart (SFC) algorithms, function block diagram (FBD)algorithms, phase algorithms, etc. However, generally speaking, all ofthe algorithms 564 will be of a particular type, such as CDAs or SDAs.Of course, the algorithms 564 may be written in any desired language orprogramming environment such as the C, C++ programming environments, anysequential function chart programming environment, a function blockprogramming environment, etc.

The totalizer equipment module class object 416 also includes a list ormemory that stores indications (and if necessary communication paths to)a set of owned equipment module objects 566 named Acid1, Acid2, Alkali1,Alkali2, Water_Hdr1, etc. created from the equipment module class object416. The totalizer equipment module class object 416 likewise includes aset of methods 570 including a>change management method that can be usedin conjunction with the global change parameter 572 and/or the objectbased change parameters 574 to control the propagation of changes to theequipment module objects 566. The totalizer equipment module classobject 416 also includes a global security parameter 580 as well asobject based security parameters 582. The change and security parameters572, 574, 580 and 582 operate generally as described with respect to thechange and security parameters of the unit module class object 410 ofFIG. 6 and may apply to any of the elements of the control module classobject 416, including the commands 564. Furthermore either or both ofthe change and security parameters may be provided at any desired levelwithin the module class objects (and thus within the module objectscreated therefrom) other than globally or at the object or elementlevel, as is particularly described herein. If desired, the change andsecurity parameters of a module class object or any module objectcreated therefrom may be set or configured using a bulk configurationapplication or program, such as a spreadsheet program, to enable aconfiguration engineer to set or specify the different change andsecurity parameters for the entire module class object or a moduleobject in a simple and straightforward manner.

If desired, the equipment module class object 416 may includereferences, such as URLs or other references, to documentation storedfor or associated with the equipment module class object, includingdocumentation associated with the equipment or any sub-elements of theequipment associated with the equipment module class object 416. Suchreferences are illustrated in FIG. 7 as references 599. Likewise, any ofthe algorithms of the equipment module class object 416, such as any ofthe algorithms 564, may be encrypted or have a security parameterassociated therewith that encrypts or de-encrypts these algorithms 564.Such encryption or de-encryption may be performed by a method 570 if sodesired.

To configure the process plant 10, a configuration engineer creates theunit, equipment, control and display module class objects as necessarywithin a library associated with the configuration application 50 (FIG.1). The configuration engineer may, if desired, start with the lowerscope entities, such as the control and display module classes, and thendevelop module class objects for the higher scope entities, such as theequipment and the unit module class objects that may use or refer to thelower scope entities. Thereafter, the configuration engineer can selector specify the module class objects as necessary to create actual moduleobjects corresponding to the selected module class objects for each ofthe process entities within the plant. When configuring replicatedequipment, the configuration engineer will create a module object foreach instance of the replicated equipment from the same module classobject. Thus, the configuration engineer may create a reactor unitmodule class object for the reactors of FIG. 1 (which includes creatingthe other module class objects referenced by the reactor unit moduleclass object if such other module class objects do not already existwithin the library). Thereafter, the configuration engineer mayconfigure the process by creating a reactor unit module object for eachof the reactors Reactor_01, Reactor_02 and Reactor_03 of FIG. 1 from thereactor unit module class object.

After creating one or more module objects from a module class object,the configuration engineer may bind the module objects (including thesub-objects or referenced objects) to the specific equipment within theplant. Because the unit module objects are associated with a single unitmodule class object, the alias names, parameters, and other variablesfor the different unit module objects can be specified together using,for example, a bulk processing application such as a spreadsheetapplication. Of course, by binding the module objects to particularequipment, the configuration engineer is actually specifying the controlvariables and communication path names used by control routines orcontrol modules within the controllers 12 to perform control activitiesduring operation of the process plant 10 or display variables used bydisplay routines in, for example, the workstations 14, during operationof the process plant 10. After the binding activities are completed, theconfiguration engineer may then download the bound control routines tothe controllers 12 and the bound display routines to the workstations14.

FIGS. 8-16 depict screen displays which may be created by theconfiguration application 50 of FIG. 1 during the process of aconfiguration engineer creating and using module class objects toconfigure the process plant 10. As will be understood, most of thescreen displays in FIGS. 8-16 include an explorer view on the left-handside of the screen, which provides an organizational tree structuredepicting the configuration of the process plant 10. Likewise, most ofthe screen displays of FIGS. 8-16 include one or more information viewson the right-hand side thereof. These information views provide furtherinformation about selected ones of the elements in the explorer view.The information that is able to be displayed to a user or changed by auser in the information views may be determined or controlled by thecontrol and security parameters 534, 536, 538, 540, 572, 574, 580 and582 of FIGS. 6 and 7 set for each of the different module class objectsor sub-elements thereof. Thus, a particular element within the explorerview may be displayable or exposed to a user for viewing and/or changingbased on the security and control parameters set in the module classobject and propagated to the module objects depicted in the explorerview. Of course, as explained earlier, information may be hidden at alltimes, may be displayable or changeable only by a user entering apassword or other security code, may be displayable at all times and notchangeable, may be displayable and changeable at all times or any othercombination of these or other security and change parameters. Stillfurther, if desired, the displayability or changability of an elementmay be indicated in the explorer view using highlighting, graying out,color or any other technique to inform the user which elements can bedisplayed in more detail or changed.

In FIG. 8, a screen display 600 includes a portion of an explorerconfiguration view 602 depicted on the left-hand side of the display.The portion of the explorer view 602 illustrates a library which storesnumerous module class objects, including unit module class objects 604,equipment module class objects 606 and control module class objects 608.A Reactor unit module class object 610 (which may correspond to thereactor unit module class object 410 of FIG. 6) is stored within theunit module class library 604 and includes indications of numeroussub-elements including a Dose, a Mix, a Drain, and a Flush phase classobjects, and an Acid, an Alkali, a Water, and an Outlet equipment moduleclass objects, a Water_In and a Level_Meter control module class objectsand other objects as desired. Thus, as defined in the unit module classlibrary 604, the Reactor unit module class object 610 includesindications of phase classes as well as indications of equipment moduleclass objects and control module class objects. Because the Reactor unitmodule class object 610 is selected in the screen 600, the elementsthereof are depicted in more detail on the right-hand side 612 of thescreen 600.

Still further, the equipment module class library 606 includes atotalizer equipment module class object 614 (which may correspond tototalizer equipment module class object 416 of FIG. 7) and aReactor_Outlet equipment module class object 616. The totalizerequipment module class object 614 includes three different portions ofan algorithm (such as one of the algorithms 564 of FIG. 7) called.Command_00001, Command_00002 and Command_00003. The module class object614 also includes references to control module objects calledCoarse_Valve and Fine_Valve (which are on/off type control module classobjects) and Flow_Meter (which is a flow meter type control module classobject). Still further, the Reactor_Outlet equipment module class object616 includes a state driven control algorithm having different statescalled State_00001, State_00002 and State_00003, a Target, a Drive, aMonitor and a Readback module and an Outlet, a Drain and a Product valvecontrol module object (which may be indications of or references tomodule blocks of the on/off control module class object type and whichare named Outlet, Drain and Product or which may be simple objects). Thecommand and state driven algorithms associated with the Totalizer andthe Reactor_Outlet module class objects 614 and 616 may be any desiredroutines and may refer to control module objects within the equipmentmodule class object to be used with those commands. In particular, theCDA or SDA command algorithms of the equipment module class objects mayinclude expressions or actions which refer to control modules (or otherequipment modules) by incorporating the names of module blockscorresponding to those modules to indicate which piece of equipment isto be manipulated when performing the algorithm. The use of the moduleblock name corresponding to the control module (or another equipmentmodule) within these algorithms specifies the control module objectreferenced by or associated with the equipment module object in whichthe algorithm is located and the specific names will be bound orinstantiated when the equipment module object is created from theequipment module class object.

FIG. 9 illustrates a configuration screen 620 in which the totalizerequipment module class object 614 is expanded to illustrate the runlogic associated therewith including the command driven algorithm havingCommand_00002, Command_00003 and Command_00099. As illustrated in theright-hand side 622 of the screen 620, information about the run logiccontrol routines is provided in more detail. In particular, theCommand_00002 is a totalize accurate routine used to control accurate orfine flow through the totalizer. The Command_00003 is a totalize fastroutine used to control or provide fast flow through the totalizer andthe Command_00099 is a reset routine that resets the totalizer. TheMonitor block in the screen 620 is a function block associated with therun logic which provides monitoring activities. As will be understoodfrom FIGS. 8 and 9, each of the elements within the module class objectswithin the libraries 604, 606 and 608 has sub-objects and sub-elementsand, in some or all cases, these sub-elements refer to or includecontrol routines or display routines to be executed by a computer, suchas a controller or a workstation, during operation of the process plant10. However, the control and display routines and the other equipmentreferences within the module class objects are generic in nature so thatthey are not tied to or bound to actual individual equipment within theplant 10.

FIG. 10 illustrates a further screen display 630 showing the details ofthe Command_00002 routine in the run logic of the totalizer equipmentmodule class object 614. As illustrated in a pop-up window 632 developedfrom a sequential function chart programming editor 634, theCommand_00002 routine includes a series of steps, and each step includesa series of actions. Only the first action (A1) of the first step (S1)of the Command_00002 routine is illustrated in the window 632. As willbe noted, the first action of the first step of the Command_00002routine sets the Flow_Meter control module object parameter Reset to“True” and then, based on conditions of the variable SP, sets theTarget_State parameter of the Coarse_Valve control module object (ormodule block) to “Valve:Open” and sets the Target_State parameter of theFine_Valve control module object (or module block) to “Valve:Open.” Itwill be understood that this section of the Command_00002 routinereferences the Flow_Meter, the Coarse_Valve and the Fine_Valve controlmodule objects (or module blocks) associated with the totalizerequipment module class object generically at this point, but that theCommand_0002 routine of any actual totalizer equipment module objectcreated from the totalizer equipment module class object will referencethe actual name of the control module objects created with or as part ofthe totalizer equipment module object.

FIG. 11 illustrates a screen view 640 showing details of a controlalgorithm associated with the Dose phase class 642 which may be used orreferred to in Reactor unit module class object 610 of FIG. 8. Inparticular, the Dose phase class 642 includes a set of different generalcontrol actions including Abort, Fail, Hold, Restart and Run. The logicassociated with the run action (called Run₁₃ Logic) includes a series ofstep illustrated in the screen section 644 as Step 1 (S1), Step 2: (S2),and Step 3 (S3), two transitions T1 and T2 and a termination. Asequential function chart editor 646 graphically illustrates the stepsand transitions in block diagram format. A pop-up screen 648 illustratesthe actual control logic associated with Action 1 (A1) of Step 1 (S1).In particular, the run logic in the screen 648, which is a logic editor,includes the actions of acquiring the shared water header for thereactor, opening the water_in valve and then resetting all thetotalizers associated with the reactor.

Because the Dose phase class is written independently of the reactor, ituses alias names to refer to equipment which will be specified either ator before runtime but which, of course, cannot be specified in thereactor unit module class object. However, the references to actualdevices or other process elements used within the control algorithm 648are to those devices as located within the same unit module classobject, in this case the reactor unit module class object. In thecontrol routine 648, alias names are delineated by the # symbol so thatthe #WATER_IN# is an alias name for the water_in control module withinthe same module, i.e., the unit module class object 610. Likewise, the#WATER#, the #ACID#, and the #ALKALI# designations refer to the Water,Acid and Alkali totalizer module blocks within the Reactor unit moduleclass object 610. Of course, it will be understood that the totalizerand reactor outlet equipment module class objects and the on/off valvecontrol module class objects are associated to the reactor unit moduleclass object through corresponding totalizer and reactor equipmentmodule objects (named, for example, Alkali1, Acid1, etc.) and on/offcontrol module objects (named, for example, Coarse_Valve1, Fine_Valve1,Outlet1, etc.) and so, become a logical part of that unit class object.

FIG. 12 illustrates a screen display 650 in which the Reactor_Outletequipment module class object 616 is illustrated in more detail. TheRun_Logic associated with the Reactor₁₃ Outlet equipment module classobject 616 is shown in a screen portion 652 as including a Driveelement, a Monitor element, a Readback element and importantly, a statedriven algorithm having four separate states used to control the valvesassociated with the Reactor_Outlet equipment module class object 616.The right-hand screen portion 654 includes details about the Drive itemsincluding the names of the drive items Drain_SP, Outlet_SP andProduct_SP within control blocks or control modules used to open andclose actual valves and the communication path specification for eachcontrol module Target_State in the module blocks named Drain, Outlet andProduct. A readback path specification provides the communication pathfor the readback parameter of Current_State in each of the Drain, Outletand Product module blocks and the states of the valves for differentstates of the Reactor_Outlet equipment are also provided. Thus, theDrive details within the screen portion 654 indicate that, during theclosed state operation of the Reactor_Outlet 616, the drain, outlet andproduct valves are all closed, during the draining operation, the drainand outlet valves are open while the product valve is closed, and duringthe releasing product operation, the drain valve is closed and theoutlet and product valves are open. As will be understood, while thescreen display 650 of FIG. 12 illustrates one manner of specifying statedriven control logic for an equipment module class object, any otherdesired manners may be used as well.

Of course if desired, these and similar screens as the screens 9-12 maybe used by a configuration engineer to create and specify controlalgorithms within the Dose or other phase classes, or for any of theother modules, such as unit module class objects, equipment module classobjects, and display module class objects to thereby create any desiredmodule class object.

After creating one or more module class objects as described above, theconfiguration engineer may then use these module class objects toconfigure elements within the process plant 10. FIG. 13 illustrates ascreen display 660 having a hierarchical view 661 showing a systemconfiguration 662 of the process plant 10. The system configuration 662includes a section entitled control strategies 664 which specifies thecontrol strategies for the process plant 10 and, in particular for usein controlling the process entities of the process plant 10. The controlstrategies 664 are divided into logical groupings, such as into physicalareas of the plant 10. An Area_A 665 is illustrated in the view 661.Area_A 665 includes a salt manufacturing section 666 called Salts whichmay include numerous pieces or examples of replicated equipment thereinused to manufacture salt.

To configure the salt manufacturing section of the plant 10, theconfiguration engineer may select the reactor unit module class object610 within the unit module class library 604 of FIG. 8 and drag orotherwise copy it under the Salts 666 heading to create an instance of areactor of the form specified by the reactor unit module class object610. This reactor is illustrated in FIG. 13 as the Reactor_1 unit moduleobject 668. The configuration application 50 may automatically name theReactor_1 unit module object 668 based on the name of the unit moduleclass object from which it was created but in a manner which is uniquewithin the configuration system. As illustrated in FIG. 13, theReactor_1 unit module object 668 includes an Acid_1 totalizer equipmentmodule object, an Alkali_1 totalizer equipment module object, and anOutlet_2 equipment module object, which correspond to the acid, alkaliand outlet module class objects specified within the reactor unit moduleclass object 610. Still further, the Reactor_1 unit module object 668includes Dose, Drain, Flush and Mix unit phases (developed from phaseclasses) as specified by the module class object 610. An aliasresolution table is provided in a folder called Aliases and includes theresolution list for the alias used in the control routines anywhere inthe Reactor_01 unit module object 668. The alias resolution table withinthe Reactor_1 unit module object 668 enables these control routines tobe resolved before or during runtime to be bound to particular equipmentwithin the process plant 10. The use of unit phases and alias resolutiontables is described in detail in U.S. Pat. No. 6,385,496, which isassigned to the assignee of this patent and which is hereby expresslyincorporated by reference herein. Still further, the Reactor_1 unitmodule object 668 includes a Water_HDR1 and a Water_In module objectwhich correspond to the Water totalizer equipment module class objectindicated within the Reactor unit class object 610 and the Water_Inon/off valve control module class object of the Reactor unit classobject 610, respectively. Of course, the configuration application 50may again automatically provide the naming scheme used for the elementsof the Reactor_01 unit module object 668 based on the names of thecorresponding elements in the Reactor unit module class object 610 fromwhich each of the individual elements of the Reactor_1 unit moduleobject 668 was created, but in a manner that makes these names unique inthe configuration strategy.

As will be understood from the discussion with respect to the Reactorunit module class object 610, the Water_HDR1 is a shared water header(corresponding to the water inlet valve system 110 of FIG. 1). As aresult, a separate equipment module object under the Salts designation666 is provided called Water_HDR1 670. Of course, the configurationengineer may create the Water_HDR1 670 module object from the totalizerequipment module class object 614 of FIG. 8 by copying or dragging theelement to the screen section 661. As would be expected in this case,the shared water header Water_HDR1 670 is illustrated as includingparticular on/off valve control module objects (named Coarse_Valve4 andFine_Valve4) and a particular flow meter control module object (namedFlow_Meter4), which correspond to the Coarse_Valve, the Fine_Valve andthe Flow_Meter control module class objects of the totalizer equipmentmodule class object 614 of FIG. 8. Furthermore, the Water_HDR1 referencewithin the Reactor_1 module object 668 refers to the Water_HDR1equipment module object 670.

Of course, any of the equipment or control modules could be designatedwithin a unit module class object as a shared or a non-shared moduleobject. A non-shared module object is completely owned by the higherlevel module object in which the non-shared module object is created. Ashared module object is owned or associated with more than one higherlevel module object. The shared or non-shared nature of a module objectinfluences the depiction of a module object in the explorer view. Inparticular, a non-shared module object designation results in a moduleobject being depicted only under the higher level object within thecontrol strategy, while a shared module object designation results inthe shared module block or module object being depicted under each ofthe higher level module objects which share that element as well as astand-alone module object in the explorer hierarchy.

As will be understood, the configuration engineer is able to create acontrol strategy within the control strategies section 664 of theconfiguration system for an entire reactor by simply copying a reactorunit module class object 610 and creating an instance thereof (thereactor unit module object 668) having all of the elements specifiedwithin the reactor unit module class object 610. However, the individualunits and in particular, the control elements, of the reactor unitmodule object 668 are able to be tied or bound to particular entitieswithin the process plant 10 using input/output designations that varyfrom module object to module object and using a configuration dialog boxwhich may be created to enable a configuration engineer to specify themanner in which module objects are to be bound in the process plant.Also, as indicated above, the created reactor module object 668 is stillconnected to and owned by the reactor unit module class object 610 sothat changes made within the reactor unit module class object 610 can beautomatically propagated to and reflected within the Reactor_1 moduleobject 668, if so desired. In any case, the configuration engineer maychange or individually tailor the created module objects, such as theReactor_1 unit module object 668, to accept or reject changes from theparent module class object either on a global (object wide) basis or onan element by element basis.

The right hand portion 672 of the screen 660 illustrates or lists theparameters, alarms, etc. associated with all of the elements in theReactor_1 module object 668 (as that is the element selected in thesection 661) and the values, filtering and other information associatedtherewith. Of course, the configuration engineer may change or specifythis data for each of the elements of the Reactor_1 module object 668 asdesired to thereby tailor individual module objects created from themodule class object in any desired manner.

FIG. 14 illustrates a screen display 680 showing the configuration ofthe Acid1 equipment module object 682 of the Reactor_1 unit moduleobject 668. Because the Acid1 equipment module object 682 in FIG. 14 isselected, the elements thereof are illustrated in the right-hand portion684 of the screen 680. These elements include a Coarse_Valve1, aFine_Valve1 and a Flow_Meter1 control module objects, and exposedparameters.

A pop-up screen 686 provides information about the sub-module objectsassociated with the Acid1 equipment module object, as well as moduleclass from which these sub-module objects originated or were created. Inparticular, the Acid1 equipment module object belongs to the totalizerequipment module class object, the Coarse_Valve1 and the Fine_Valve1module objects belong to the On_Off₁₃ Valve control module class objectfrom the library section 608 of FIG. 8 and the Flow_Meter1 Module objectbelongs to the Flow_Meter control module class object in the librarysection 608 of FIG. 8.

The tabbed displays of the Acid1 configuration pop-up screen 686 alsoincludes parameters, IO (input/output), alarms and Fieldbusdesignations. The parameters tab may be used to specify or fill in theparameters of each of the elements of the Acid1 totalizer of theReactor_1 module object 668. The IO tab may be used to specify theinput/output connections between each of the elements of the Acid1totalizer module object 682 of the Reactor_1 module object 668 tothereby bind those individual elements to actual equipment within theprocess plant 10. If desired, these bindings may be specified using aspread sheet algorithm or program such as that illustrated in FIG. 15 tospecify on a global or bulk basis the interconnections between all theelements of a module object (at any level) and the actual elementswithin the process plant 10. The spreadsheet display 688 of FIG. 15illustrates a spreadsheet view that enables a configuration engineer tobind the coarse valves from different totalizer equipment modules toequipment within the process plant 10 at the same time. In this case,the IO_Out path names and IO_Readback path names are specified for thevalves named VLV-101A, VLV-201A, VLV-301A and VLV-401A. However, ifdesired, different elements of the same module could be specified in abulk manner.

Referring again to FIG. 14, the alarm tab of the pop-up screen 686 maybe used to specify or configure alarms associated with the Acid_1 moduleobject and a Fieldbus tab may be used to specify particular Fieldbusdevice connections as necessary. Of course, similar configurationscreens could be used for other module objects within the Reactor_1module object 668 or for the entire Reactor_1 module object 668.Likewise, the same or similar configuration screens may be used forother module objects. It will be understood that the configurationscreens may be displayed and used at any level of module objectsincluding at the unit module level, the equipment module level, thecontrol module level, etc.

FIG. 16 illustrates a screen display 690 including an explorer view 661of the configuration system for the process plant 10 in which theconfiguration engineer has added a still further reactor module object692, called Reactor_1_1, as copied or created from the Reactor unitmodule class object 610 of FIG. 8. Of course, when creating theReactor_1_1 module object 692, the configuration engineer may specifydifferent parameters, different connections to different devices andeven different control routines to be used in the individualsub-elements thereof. As illustrated in FIG. 16, the Reactor_1_1 moduleobject includes sub-objects for each of the equipment module classobjects within the Reactor unit module class object 610 of FIG. 8including an Acid2, Alkali2 and Outlet4 equipment module objects. TheReactor_1_1 module object also includes a Water_In2, and a Level_Meter2control module object, a reference to the shared equipment module objectnamed Water_HDR1 and Dose, Drain, Flush and Mix unit phases. Thesub-objects that are associated only with the Reactor_1_1 module object692 are given unique names while the shared units, such as theWater_HDR1 module object, is illustrated with the name of the sharedwater header.

It will be understood that, in a similar manner, the configurationengineer may use any other unit module class objects, equipment moduleclass objects and control module class objects as well as display moduleclass objects to create configuration elements for units, equipment,control elements and display elements within the process controlenvironment according to the principles described therein. It will alsobe understood that the use of these module class objects, which can bequite detailed in nature, provides the configuration engineer with greatadvantages in creating a configuration because the engineer does nothave to create each individual control element separately or copy eachindividual control element separately from a control template but,instead, can use module class objects which are provided at higher andhigher levels or scopes to create larger and larger bulk configurationitems for use in configuring the process plant 10.

Still further, the configuration engineer may make changes to theelements of the configuration of different process entities on a globalbasis by changing one or more of the unit module class objects andhaving those changes propagated to each of the module objects createdfrom and associated with those unit module class objects. This featuremakes changes within the configuration easier and less time consuming tomake after a configuration has already been created. Moreover, theconfiguration engineer may specify an access level to different elementsor components of module objects within the configuration system bysetting security parameters within the module class objects. As notedabove, the configuration engineer may specify a security on a module bymodule basis at any level, such as at the unit module level, theequipment module level, the control module level and the display modulelevel. In this manner, some elements of a unit module object may beviewable while others may not be viewable.

Of course, once the configuration system is complete and the moduleobjects are bound to the individual process entities within the processplant 10, the control and display modules or elements associated withthese modules may be downloaded to the proper controllers 12 andworkstations 14 of FIG. 1 for execution during operation of the processplant 10.

FIG. 17 is a flow diagram of an example routine 700 for configuring aprocess plant item to limit access to the item. The routine 700 may beimplemented by one or more computing systems such as one or more of theworkstations 14 and/or the controllers 12 of the process plant 10 ofFIG. 1. The routine 700 may be implemented by a computing systemseparate from the process plant 10 as well. For example, a third partyprovider could use the routine 700 to limit access to, for example, amodule object, a module class object, a module template, a compositetemplate, etc., developed by the third party provider. Then, thedeveloped module object, module class object, composite template, etc.,could be used by a customer of the third party provider, but thecustomer would not be able to, for example, view some or all of theinternal items of the developed module object, module class object,composite template, etc. In general, the process plant item to beconfigured may be a module object, a module class object, a compositetemplate, for example. The routine 700 may be implemented as part of aconfiguration application, such as the configuration application 50. Forexample, the routine 700 may be implemented during or after theconfiguration of a module object, a module class object, a compositetemplate, etc., using the configuration application 50. Also, theroutine 700 may be implemented by an application separate from theconfiguration application 50.

At a block 702, a user input is received that indicates that access tothe process plant item is to be controlled (i.e., data associated withthe process plant item are to be protected). For example, a personconfiguring the item may check a box, select a button, select a menuitem, etc., that indicates that data associated with the item is to beprotected. The user input may optionally also indicate which dataassociated with the item are to be protected. For example, the user mayselect to protect some data while leaving other data unprotected.

Alternatively, the user may not be allowed to select which data will bedetected. For example, the user may be only able to choose betweenprotection or no protection for an item. In one example, if a userselects to protect data associated with a module object or module classobject, a set of the data associated with the module object or moduleclass object may be protected whereas data not in the set is notprotected. For example, function blocks that make up a module object ormodule class object and their interconnections will be protected, butparameters of the module object or module class object will not beprotected.

FIGS. 18A and 18B are example screen displays that may be created by aconfiguration application such as the configuration application 50 ofFIG. 1. Similar screen displays could be created by other types ofapplications such as an application used to monitor a process duringoperation of the process, a debugging application for debugging aconfiguration, an asset management application, etc. The screen display720 includes a portion 722 of an explorer view having a library 724 ofcomposite templates. One of the composite templates is the DYN_FULLcomposite template 726. The DYN_FULL composite template 726 comprisesvarious sub-elements which, because the DYN_FULL composite template 726has been selected in the explorer view 722, are depicted in theright-hand side 728 of the screen display 720. The sub-elements thatmake up the DYN_FULL composite template 726 include parameters andfunction blocks 730.

In the screen display 720, the DYN_FULL composite template 726 has notbeen configured as protected and thus the function blocks 730 aredepicted in the right-hand side 728 of the screen display 720. Incontrast, FIG. 18B illustrates a screen display 732 corresponding to theDYN_FULL composite template 726 configured as protected. Thus, in thescreen display 732, the function blocks 730 are not depicted in theright-hand side 728 (i.e., they are hidden). The parameters of theDYN_FULL composite template 726 are still depicted even though it hasbeen configured as protected.

Referring again to FIG. 17, at a block 704, the user may be prompted toenter a password. For example, a window, screen, audio prompt, etc., mayprompt the user to enter a password. As will be described below, thepassword may be used at a subsequent point in time to access theprotected data and/or to reconfigure the item to remove the protection.At a block 706, the password may be received. For example, the passwordmay be entered via a keyboard, keypad, touch screen, light pen, mouse,etc., of a computing system.

At a block 708, an indication of the data associated with the processplant item that is to be protected may be stored and associated with theitem. For example, if the item is an object, the indication may bestored as part of that object. As another example, the indication couldbe stored separate from the object and a link to the indication could bestored as part of the object. As yet another example, if the processplant item is an item created from a module class object, the indicationcould be stored as part of the module class object. If the user is notpermitted to select which data is to be protected, the block 708 may beomitted.

At a block 710, the password received at the block 706 may be stored andassociated with the item. For example, if the item is an object, thepassword may be stored as part of that object. As another example, thepassword could be stored separate from the object and a link to thepassword could be stored as part of the object. As yet another example,if the process plant item is an item created from a module class object,the password could be stored as part of the module class object.

Optionally, the data to be protected and/or the password may beencrypted. In these implementations, the blocks 708 and 710 may comprisestoring and associating the encrypted data and/or the encryptedpassword. Further, if the process plant item is an item created from amodule class object the protected data or the encrypted data could bestored as part of the module class object.

If the item is a module class object, the indication of data to beprotected and the password may be propagated to items created from themodule class object.

A routine similar to the routine 700 could be used to “unprotect” theprocess plant item or particular data associated with the item. Namely,user input that indicating that data associated with a protected processplant item is to be unprotected could be received. Then, the user couldbe prompted for a password. If the received password matches thepassword stored and associated with the protected process plant item atthe block 710 of the routine 700, the user could be prompted as to which(or whether all) of the protected data is to be unprotected. Then, theindication stored and associated with the item at the block 708 of theroutine 700 could be modified to indicate that some or all of the datais not to be protected.

FIG. 19 is a flow diagram of an example routine 750 for configuring agroup of process plant items to limit access to the group. The routine750 may be implemented by one or more computing systems such as one ormore of the workstations 14 and/or the controllers 12 of the processplant 10 of FIG. 1. The process plant items in the group may be moduleobjects, module class objects, and/or composite templates, for example.The routine 750 may be implemented as part of a configurationapplication, such as the configuration application 50. For example, theroutine 750 may be implemented after the configuration of items in thegroup using the configuration application 50. Also, the routine 750 maybe implemented by an application separate from the configurationapplication 50.

At a block 752, a user input is received that indicates that access tothe group of items is to be controlled (i.e., the group of process plantitems are to be protected). For example, access to data associated witheach item in the group may be protected. Additionally, the addition ofitems to the group or the deletion of items from the group may not bepermitted. The group of items may comprise, for example, a library ofitems, a folder of items, a class of items, a category of items, etc.

A person configuring the group of items may first select the group by,for example, highlighting the group of items, selecting a library name,a folder name, a class name, a category name, etc. Referring to FIG.18A, a person could, for example, select the sub-library 734, select thecategory 736, highlight a plurality of modules in the category 736, etc.Then, the person may, for example, check a box, select a button, selecta menu item, etc., that indicates that the group is to be protected.

Referring again to FIG. 19, at a block 754, the user may be prompted toenter a password. For example, a window, screen, audio prompt, etc., mayprompt the user to enter a password. As will be described below, thepassword may be used at a subsequent point in time to access theprotected group and/or to reconfigure the group to remove theprotection. At a block 756, the password may be received. For example,the password may be entered via a keyboard, keypad, touch screen, lightpen, mouse, etc., of a computing system.

At a block 758, an indication that the group of items is to be protectedmay be stored and associated with the group of items. For example, ifthe group is a category of items, the indication that the category is tobe protected may be stored and that indication may be associated withthat category so that if an attempt is subsequently made to modify thecategory it may be determined that the category is protected. Inaddition, an indication may be associated with each item in the group.For example, if the items are objects, an indication that the item is ina protected group may be stored as part of each object. Also, theindication may be stored separate from each object and a link to theindication may be stored as part of each object.

At a block 760, the password received at the block 756 may be stored andassociated with the group of items. For example, if the group is acategory of items, the password may be stored and that password may beassociated with the category. In addition, the password may beassociated with each item in the group. For example, if the items areobjects, the password may be stored as part of each object. Also, thepassword may be stored separate from each object and a link to thepassword may be stored as part of each object.

As with the routine 700 of FIG. 17, a routine similar to the routine 750could be used to “unprotect” the group of process plant items.

FIG. 20 is a flow diagram of an example routine 770 for determiningwhether to permit viewing of data associated with a process plant itemthat may or may not be protected. The routine 770 may be implemented byone or more computing systems such as one or more of the workstations 14and/or the controllers 12 of the process plant 10 of FIG. 1. The processplant item may comprise a module objects, a module class object, acomposite template, for example. The routine 770 may be implemented aspart of a configuration application, such as the configurationapplication 50. Also, the routine 770 may be implemented as part ofanother application such as a monitoring application, a debuggingapplication, an asset management application, etc.

At a block 772, a request to view data associated with a process plantitem may be received. For example, a user may select an item in anexplorer view, attempt to “drill down” into a module to see componentsof the module, etc. Referring to FIG. 18B as an example, a user hasselected the DYN_FULL composite template 726 in the portion 722 of theexplorer view in the screen display 732. Thus, sub-elements of theDYN_FULL composite template 726 are to be displayed in the right-handportion 728 of the screen display 732.

At a block 774, it is determined whether any data associated with theitem is protected. For example, it may be determined whether there is anindication associated with the item, such as the indication stored atthe block 708 in FIG. 17, that indicates that data associated with theitem is protected. As another example, it may be determined whetherthere is an indication associated with the item, such as the indicationstored at the block 758 in FIG. 19, that indicates that the item is partof a group of items that is protected.

If data associated with the item is not protected, the flow may proceedto a block 776 at which data associated with the item is displayed. Forinstance, if the user had selected the item in an explorer view,sub-elements of that item may be displayed in a portion of a displayscreen. Referring to FIG. 18A as an example, a user has selected theDYN_FULL composite template 726 in the portion 722 of the explorer viewin the screen display 720. Thus, sub-elements of the DYN_FULL compositetemplate 726 including function blocks 730 are displayed in theright-hand portion 728 of the screen display 720. As another example, ifthe user requested to “drill down” into a module to see components ofthe module, the components of that module could be displayed in displayscreen or window.

If it is determined at the block 774 that data associated with the itemis protected, the flow may proceed to a block 786, at which protecteddata associated with the item is not displayed while unprotected datamay be displayed.

Optionally, if it is determined at the block 774 that data associatedwith the item is protected, the flow may proceed to a block 778. At theblock 778, the user may be prompted, using, for example, a window, adisplay screen, an audio prompt, etc., to enter a password. At a block780, the password entered by the user may be received. For example, thepassword may be entered via a keyboard, keypad, touch screen, light pen,mouse, etc., of a computing system. At a block 782, the passwordreceived at the block 780 may be compared to a password stored andassociated with the item. For example, the received password may becompared to the password stored at the block 710 of FIG. 17, or thepassword stored at the block 760 of FIG. 19.

At a block 784, it may be determined if the password received at theblock 780 matches the password stored and associated with the item. Ifthe passwords match, data associated with the item may be displayed atthe block 776. If the passwords do not match, protected data associatedwith the item is not displayed while unprotected data may be displayedat the block 786. Referring to FIG. 18B, for example, parameters of theDYN_FULL module 726 are displayed in the right-hand portion 728 of thedisplay screen 732, but function blocks of which the DYN_FULL module 726is comprised are not displayed.

It is to be understood that the blocks 778, 780, 782, and 784 areoptional and may be omitted. In this case, as discussed above, if it isdetermined at the block 774 that data is protected, the flow may proceedto the block 786.

FIG. 21 is a flow diagram of an example routine 800 for determiningwhether to permit modification of a process plant item or a group ofprocess plant items that may or may not be protected. The routine 800may be implemented by one or more computing systems such as one or moreof the workstations 14 and/or the controllers 12 of the process plant 10of FIG. 1. The process plant items may comprise module objects, moduleclass objects, and/or composite templates, for example. The routine 800may be implemented as part of a configuration application, such as theconfiguration application 50. Also, the routine 800 may be implementedas part of another application such as an asset management application,for example.

At a block 802, a request to modify a process plant item or a group ofprocess plant items may be received. For example, a user may select anitem in an explorer view for modification, select a component of an itemfor modification, etc. As another example, the user may attempt todelete an item from a group of items, add a new item to a group ofitems, etc.

At a block 804, it is determined whether the item or the group of itemsis protected. For example, it may be determined whether there is anindication associated with the item, such as the indication stored atthe block 708 in FIG. 17, that indicates that the item is protected. Asanother example, it may be determined whether there is an indicationassociated with the item, such as the indication stored at the block 758in FIG. 19, that indicates that the item is part of a group of itemsthat is protected. As yet another example, it may be determined whetherthere is an indication associated with the group of items, such as theindication stored at the block 758 in FIG. 19, that indicates that thegroup of items is protected.

If data associated with the item or group of items is not protected, theflow may proceed to a block 806 at which modification is permitted. If,however, it is determined at the block 804 that the item or group ofitems is protected, the flow may proceed to a block 808. At the block808, a notification (e.g., a window, display screen, audio prompt, etc.)may be generated that indicates that the item or group of items that theuser is attempting to modify is protected. Optionally, the block 808 maybe omitted. In this case, the item or group of items may be displayed insuch a way as to indicate to the user that the item or group of items isprotected. For example, a depiction of the item or group of items on adisplay screen may be “grayed,” include a symbol, etc., that indicatesthat the item or group is protected. In another example, there may be noindication to the user that the item or group is protected. In thiscase, the user may simply be unable to modify the item or group. Afterthe block 808, or if the block 808 is omitted, the routine may end.

Optionally, the flow may proceed to a block 810. At the block 810, theuser may be prompted, using, for example, a window, a display screen, anaudio prompt, etc., to enter a password. At a block 812, the passwordentered by the user may be received. For example, the password may beentered via a keyboard, keypad, touch screen, light pen, mouse, etc., ofa computing system. At a block 814, the password received at the block812 may be compared to a password stored and associated with the item orgroup of items. For example, the received password may be compared tothe password stored at the block 710 of FIG. 17, or the password storedat the block 760 of FIG. 19.

At a block 816, it may be determined if the password received at theblock 812 matches the password stored and associated with the item orgroup of items. If the passwords match, the modification may bepermitted at the block 806. If the passwords do not match, anotification may be generated at the block 818 that the modification isnot permitted. Alternatively, or in addition, the notification mayindicate that the password received at the block 812 was not the correctpassword.

As discussed above, blocks 810, 812, 814, 816, and 818 are optional andmay be omitted. In this case, the routine may end after the block 808.Also, the block 808 is optional and may be omitted. In this case theroutine may end or may proceed to the option block 810 if it isdetermined at the block 804 that the item or group is protected.

Although in FIGS. 17 and 19-21 passwords for limiting access to processplant items were discussed, other techniques for limiting access may beused alternatively or in addition to passwords. For example, apreauthorized security access level or levels indicating personnelauthorized to access items, a list of indications of particular persons(e.g., login names, ID numbers, etc.) authorized to access items,biometric data, etc., could be used. Further, additional data related toa level of protection may also be associated with an item or group ofitems such as whether all access is forbidden, whether read-only accessallowed, different levels of protection for different persons and/orlevels of clearance, etc. Moreover, in some implementations, a user maybe permitted to select different levels of security for sub-elements ofan item. In general, access security data (e.g., password, biometricdata, preauthorized security access levels, a list of authorized personsand/or IDs, etc.) may be stored and associated with a process plantitem, and this access security data may be compared with user securitydata (e.g., a password entered by a user, the user's ID, the user'slogin ID, biometric data obtained from the user, etc.) to determine ifthe user is permitted access to the item and/or particular sub-elementsof the item.

Referring to FIG. 17, blocks 704, 706, and 710 may be omitted ifdesired. For example, a user could indicate that the process plant itemor data associated with the process plant item are to be protected.Then, the user could use a routine similar to the routine 750 of FIG. 19to protect a group of items that includes the process plant item thatthe user wishes to protect. In this way, the user could prevent othersfrom changing the configuration of the item in order to view theprotected data.

FIG. 22 is a flow diagram of an example routine 830 for exporting aprocess plant item. The routine 830 may be implemented by one or morecomputing systems such as one or more of the workstations 14 and/or thecontrollers 12 of the process plant 10 of FIG. 1. Also, the routine 830may be implemented by a computing system separate from the process plant10. For example, the routine 830 could be implemented by a computingsystem of a third-party provider or a computing system of anotherprocess plant in order to export a process plant item to a customer orto the process plant 10. The process plant item may comprise a moduleobject, a module class object, a composite template, for example. Theroutine 830 may be implemented as part of a configuration application,such as the configuration application 50. Also, the routine 830 may beimplemented as part of another application such as an asset managementapplication, or an application used by a third-party provider, forexample.

At a block 832, a request to export a process plant item may bereceived. For example, a user may select an item in an explorer view forexport. As another example, the user may select a group of process plantitems for export, and the routine 830 may be implemented for each itemin the group.

At a block 834, it is determined whether any data associated with theitem is protected. For example, it may be determined whether there is anindication associated with the item, such as the indication stored atthe block 708 in FIG. 17, that indicates that data associated with theitem is protected. As another example, it may be determined whetherthere is an indication associated with the item, such as the indicationstored at the block 758 in FIG. 19, that indicates that the item is partof a group of items that is protected. If data associated with the itemis not protected, the flow may proceed to a block 836 at which the itemmay be exported.

If, however, it is determined at the block 834 that data associated withthe item is protected, the flow may proceed to a block 838. At the block838, the protected data may be protected. Then, at a block 840, apassword associated with the item may be encrypted. For example, thepassword received at the block 706 of FIG. 17 or the password receivedat the block 756 of FIG. 19 is encrypted.

At a block 842, the item may be exported but with the protected datareplaced by the encrypted protected data and the password replaced bythe encrypted password. If the process plant item is an item createdfrom a module class object the encrypted data and/or the encryptedpassword could be exported as part of the module class object or theitem, for example.

FIG. 23 is a block diagram of an example configuration system 900 thatmay be used to provide version control and audit trail informationassociated with a process plant. Further aspects of version control andaudit trail techniques that may be used are described in U.S. Pat. No.6,449,624, entitled “Version Control and Audit Trail in a ProcessControl System,” assigned to the assignee of the present application. Itis to be understood that the techniques described in U.S. Pat. No.6,449,624 need not be used, and different techniques may also be used.U.S. Pat. No. 6,449,624 is hereby incorporated by reference herein inits entirety for all purposes.

The configuration system 900 comprises a user interface 904 which, forexample, may be generated on a display device of the workstation 14(FIG. 1) or some other computing device. The user interface 904 mayenable a user to configure a process plant or a portion of a processplant via one or more configuration applications 906. The configurationapplications 906 may include a configuration application such as theconfiguration application 50 (FIG. 1). The user interface 904 alsointerfaces with a version control and audit trail system 908(hereinafter “the VCAT system”), which, in general, cooperates with theconfiguration applications 906 to record and administer historicalinformation regarding the configuration of the process plant or theportion of the process plant. Both the configuration applications 906and the VCAT system 908 access and otherwise communicate with aconfiguration database 912, which may store data representative of acurrent configuration of the process plant or the portion of the processplant (hereinafter the “process configuration”). The VCAT system 908 isalso in communication with a version control database 910.

The version control database 910 may include configuration history dataindicative of any number of prior versions of each item utilized in theprocess configuration. Taken together, the history data for all of theitems may be used to reconstruct past configurations of the process.More particularly, for each item in the configuration database 912 (aswell as those no longer in the configuration database 912), datarepresentative of the configuration of that item is stored for aplurality of versions. For example, an item may have been modified onthree occasions since it was created. The version control database 910would therefore have data indicative of the configuration of the item atthe point of creation, which may be referred to as “Version 1,” as wellas data indicative of the configuration of the item after each of thethree modifications, which would correspond with “Version 2,” “Version3,” and “Version 4.”

The configuration history data may thus include data representative ofall of the modifications made to module objects and module classobjects. The modifications may, but need not, be made using theconfiguration applications 906. Any or all of the user interface 904,the configuration applications 906, and the VCAT system 908 could becombined into a single, integrated system. For ease of explanation,however, tasks will be described herein as being attributed to the userinterface 904, the configuration applications 906, and the VCAT system908 separately.

The VCAT system 908 may be implemented using one or more computingdevice, such as the workstation 14 (FIG. 1), in a manner that allows forthe monitoring of modifications to the process configuration. The userinterface 904 and the configuration applications 906 may be implementedon the same computing device(s) as the VCAT system 908, or on differentcomputing devices in communication with the computing device(s) thatimplement the VCAT system 908.

The data in one or both of the databases 910, 912 may be stored in acomputer-readable medium physically located anywhere within the processplant 10, such as, for example, a volatile memory or a magnetic oroptical storage medium associated with the workstations 14.Alternatively, one or both of the databases 910, 912 may be stored in aremote location such that a computing device such as the workstation 14accesses the data stored therein over a network such as an intranet, theInternet, or any other communication medium. Furthermore, the datastored in each database 910, 912 need not be stored in the samecomputer-readable medium, such that any portion of either database 910,912 may be stored in a memory device or medium which is distinct fromdevices or media storing other portions.

In FIG. 23, the VCAT system 908 is shown as distinct and separate fromthe version control database 910. Alternatively, the version controldatabase 910 could from a portion of the VCAT system 908. Similarly, theconfiguration database 912 and the version control database 910 may, butneed not, constitute separate and distinct data structures. That is, thedatabases 910, 912 may be located in the same storage medium and, infact, may compose portions of a common database dedicated to the processplant 10. Accordingly, a “database,” as used herein, should beunderstood to not be limited to any particular data structure.

FIG. 24 is a flow diagram of an example routine 930 for facilitating thetracking of versions of a process plant item. The process plant item maycomprise module objects and/or module class objects, for example. Theroutine 930 may be implemented by the VCAT system 908 of FIG. 23, forexample, and will be discussed with reference to FIG. 23.

At a block 932, a modification of a process plant item may be detected.For example, a user may try to add a new item to the processconfiguration using the configuration applications 906. As anotherexample, the user may request to save an item to the configurationdatabase 912 after having modified the item. As yet another example, theuser may request to “check-in” an item to the configuration database 912after having modified the item. U.S. Pat. No. 6,449,624 describestechniques related to “check-in” and “check-out” procedures that may beused.

At a block 934, it may be determined which, if any, module class objectswere used to create the modified item. For example, a first module classobject could have been used to create a second module class object,which in turn was used to create the item. If one or more module classobjects were used to create the modified item, at the block 936 theversion of each module class object used may be determined.

At a block 938, a version identifier for the modified item is generated.The version identifier may comprise numbers, letters, symbols, etc. Theversion identifier is indicative of the version that reflects themodification detected at the block 932. For example, if the modificationdetected at the block 932 was the creation of the item, the versionidentifier may be indicative of an initial version. As another example,if the modification detected at the block 932 was a modification of afirst version of the item, the version identifier may be indicative of asecond version.

At a block 940, the version identifier generated at the block 938 may bestored and associated with the modified item. For example, if the itemis an object, the version identifier may be stored as part of thatobject. As another example, the version identifier could be storedseparate from the object and a link to the version identifier could bestored as part of the object.

At a block 942, the version identifier(s) of the one or more moduleclass object from which the item was created, if any, determined at theblock 936 may be stored and associated with the modified item. Forexample, if the item is an object, the version identifier(s) may bestored as part of that object. As another example, the versionidentifier(s) could be stored separate from the object and a link orlinks to the version identifier(s) could be stored as part of theobject. In yet another example, the version identifier generated at theblock 938 could be generated using the version identifiers determined atthe block 936. For instance, the version identifiers determined at theblock 936 could be encoded within the version identifier generated atthe block 938. In this case, the block 940 could comprise the block 942.

FIG. 25 is a flow diagram of an example routine 948 for facilitating thetracking of versions of process plant items. The process plant items maycomprise module objects and/or module class objects, for example. Theroutine 948 may be implemented by the VCAT system 908 of FIG. 23, forexample.

At a block 950, it may be determined whether a new version of a moduleclass object has been created. For example, it could be detected when anew version module class object has been “checked in.” At a block 952,process plant items that were created using the module class object maybe determined. Referring to FIG. 6, for example, the memory 526 could beexamined to determine which module objects that were created from themodule class object. Also, the memory 526 or some other memory orsection could be examined to determine which other module class objectswere created from the module class object.

At a block 954, the new version of the module class object, or thechanges made to the module class object, may be propagated to the itemsdetermined at the block 952. Then, at a block 958, the versionidentifier of the new version of the module class object may be storedand associated with the items determined at the block 952. In oneexample, the version identifiers of the items determined at the block952 are not updated to reflect new versions of the items. Optionally, inanother example, the version identifiers of the items determined at theblock 952 are updated at a block 959. Then, the new version identifiersof the items may be stored and associated with the items.

The version identifiers stored at the blocks 940 and 942 of FIG. 24 andblock 958 and 959 of FIG. 25 may help a user to track which versions ofitems, and versions of module class objects from which the items werecreated, are being used in a current configuration. For example, aconfiguration application, an asset management application, etc., couldexamine the configuration database 912 (FIG. 23) to determine theversions of items and versions of module class objects from which theitems were created. As another example, a debugging application, amonitoring application, etc., could examine a memory of a controller 12,for instance, to determine the versions of items and versions of moduleclass objects from which the items were created.

FIG. 26 is a flow diagram of an example routine 960 for facilitating theconfiguration of a process plant item. The routine 960 may beimplemented, for example, when a process plant item is displayed on adisplay screen by a configuration application. The process plant itemmay comprise module objects and/or module class objects, for example.The routine 960 may be implemented by the configuration applications 906and/or the VCAT system 908 of FIG. 23, for example, and will bediscussed with reference to FIG. 23.

At a block 962, it may be determined which, if any, module class objectswere used to create the item. For example, a first module class objectcould have been used to create a second module class object, which inturn was used to create the item. If one or more module class objectswere used to create the item, at the block 964 a current version of eachof those module class objects may be determined. At a block 966, theversion of each the module class objects used to create the item may bedetermined. For example, the version identifiers stored and associatedwith the item at the block 942 of FIG. 24 could be retrieved.

At a block 968, it may be determined, for each of the module classobjects used to create the item, if the current version of the moduleclass object is different than the version of the module class objectused to create the item. If there are no differences, the routine mayend. If, however, one or more differences are detected, a notificationmay be generated at the block 970. The notification generally mayindicate that a new version of a module class object used to create theitem is available. The notification may comprise text, symbols, colors,an audio prompt, etc. For example, a text box or window may be displayednext to, or overlapping with, a graphical representation of the item ona configuration display screen. As another example, a symbol may bedisplayed on or near the item representation. As yet another example,the color, brightness, etc., of the item representation may be changed.The notification itself may indicate which module class object(s) have anew version available. Alternatively, the notification may not notifythe user which module class object(s) have a new version available, butthe user can perform additional steps to determine that information by,for example, selecting a menu item, “double-clicking” on a symbol,“drilling down” into the item, etc.

Optionally, the user may then be provided with a user interfacemechanism for initiating a process to modify the process plant item byupdating the item using the new versions of the module class objects.For example, the user may be provided with a button, for example, tostart the process. As another example, the user may be provided with auser interface mechanism to select which of possibly several moduleclass objects having new versions are to be used to update the processplant item. For example, the user may be able to check boxes, highlightgraphical representations, etc., corresponding to the module classobjects having new versions that are to be used to update the processplant item.

FIG. 27 is a flow diagram of an example routine 980 for facilitating theconfiguration of process plant items. The routine 980 maybe implemented,for example, when a process plant items are being modified and/or“checked in.” The process plant item may comprise a module class object,for example. The routine 980 may be implemented by the configurationapplications 906 and/or the VCAT system 908 of FIG. 23, for example, andwill be discussed with reference to FIG. 23.

At a block 982, it may be determined whether a new version of a moduleclass object has been created. For example, it could be detected when anew version module class object has been “checked in.” At a block 984,process plant items that were created using the module class object maybe determined. Referring to FIG. 6, for example, the memory 526 could beexamined to determine which module objects that were created from themodule class object. Also, the memory 526 or some other memory orsection could be examined to determine which other module class objectswere created from the module class object.

At a block 986, the user could be prompted as to whether the changes tothe module class objects should be propagated to one or more of theprocess plant items identified at the block 984. For example, a textbox, window, display screen, audio prompt, etc. may be used to promptthe user.

Optionally, the user may be provided with a user interface mechanism toselect particular process plant items identified at the block 984 towhich changes are to be propagated. For example, the user may be able tocheck boxes, highlight graphical representations, etc., corresponding tothe process plant items to which changes are to be propagated.

At a block 988, a user response to the prompt generated by the block 986is received. At a block 990, it may be determined if the user responseindicates that the changes are to be propagated. If the changes are notto be propagated, the routine may end. If the changes are to propagates,at a block 992, the changes are propagated to the process plant itemsidentified at the block 984. Optionally, the changes may be propagatedto selected ones of the process plant items identified at the block 984.

Although FIGS. 17, 19-22, and 24-27 were described with respect toprocess plant items, similar routines may be used for limiting accessto, tracking changes made to, propagating changes with respect tosequences of control steps to be performed by process plant items. Forexample, routines similar to those of FIGS. 17, 19-22, and 24-27 may beused to limit access to, track changes made to, propagate changes withrespect to phase classes, unit phases, and/or groups of phase classes orunit phases.

FIG. 28 is an example screen display 1000 of a user interface forconfiguring a module class object. In the screen display 1000, detailsof a module class object called “CALCULATION” are shown. The screendisplay 1000 includes an editing portion 1004 for editing the object. Asshown in FIG. 28, the CALCULATION module class object comprises amultiplier function block 1008 and an adder function block 1012. Thescreen display 1000 also includes a portion 1020 that indicatesparameters of the CALCULATION module class object that will not behidden if access to the CALCULATION module class object were limited.

Parameters that will not be hidden include a version indicator 1026 thatindicates a version of a module object created from the CALCULATIONmodule class object, and a version indicator 1028 that indicates aversion of the CALCULATION module class object.

FIG. 29 is another example screen display 1030 of a user interface fordetermining parameters of the CALCULATION module class object that willnot be hidden. The screen display 1030 includes buttons 1032 and 1034for adding and removing, respectively, parameters from the group ofparameters that will not be hidden. The screen display 1030 shows that aMULTIPLIER parameter 1038 will be added to the group of parameters thatwill not be hidden. Referring also to FIG. 28, the MULTIPLIER parameter1038 corresponds to the input “IN2” of the multiplier block 1008.

FIG. 30 is an example screen display 1040 of a user interface for adebugging application. In the screen display 1040, details of aCALCULATION_1 module object are shown. The CALCULATION_1 module objecthas been created from the CALCULATION module class object. In thisexample, access to the CALCULATION module class object has not beenlimited. Therefore, the screen display 1040 generally shows details ofthe sub-elements of which the CALCULATION_1 module object is comprised.For example, a portion 1044 shows that the CALCULATION_1 module objectcomprises the multiplier function block 1008 and the adder functionblock 1012. The screen display 1040 also includes a portion 1048 thatindicates parameters of the CALCULATION_1 module object. For example,the CALCULATION_1 module object includes the version indicators 1026 and1028 and the MULTIPLIER parameter 1038. Additionally, the screen display1040 also includes a portion 1050 that indicates function blocks ofwhich the CALCULATION_1 module object is comprised. Namely, the portion1050 indicates that the CALCULATION_1 module object comprises an adderfunction block and a multiplier function block.

FIG. 31 is the example screen display 1040 in the case in which accessto the CALCULATION module class object has been limited. Therefore, thescreen display 1040 generally does not show all the details of thesub-elements of which the CALCULATION_1 module object is comprised. Forexample, the portions 1044 and 1050 do not show that the CALCULATION_1module object comprises the multiplier function block 1008 and the adderfunction block 1012. The portion 1048, however, still indicates theparameters of the CALCULATION_1 module object.

It will be understood by those of ordinary skill in the art that variousmodifications of the techniques described herein may be employed. Forexample, the orders of blocks may be changed, blocks may be omitted, newblocks may be added, etc. Further, various techniques described hereincould be combined. For example, a routine similar to the routine 700 ofFIG. 17 could be used to protect some data associated with a moduleclass object. Then, a module template could be created 10 from themodule class object. Next, a routine similar to the routine 700 of FIG.17 could be used to protect some data associated with a module templatethat was not protected with respect to the module class object. Then, aparticular instance of the module template could be created thatincluded the protection specified with respect to the module classobject and the module template.

When implemented, any of the software described herein may be stored inany computer readable memory such as on a magnetic disk, a laser disk,or other storage medium, in a RAM or ROM of a computer or processor,etc. Likewise, this software may be delivered to a user, a process plantor an operator workstation using any known or desired delivery methodincluding, for example, on a computer readable disk or othertransportable computer storage mechanism or over a communication channelsuch as a telephone line, the Internet, the World Wide Web, any otherlocal area network or wide area network, etc. (which delivery is viewedas being the same as or interchangeable with providing such software viaa transportable storage medium). Furthermore, this software may beprovided directly without modulation or encryption or may be modulatedand/or encrypted using any suitable modulation carrier wave and/orencryption technique before being transmitted over a communicationchannel.

While the present invention has been described with reference tospecific examples, which are intended to be illustrative only and not tobe limiting of the invention, it will be apparent to those of ordinaryskill in the art that changes, additions or deletions may be made to thedisclosed embodiments without departing from the spirit and scope of theinvention.

1. A method for controlling access to data associated with a processplant, comprising: receiving via a user interface a request to access anobject representative of at least one of a process entity within theprocess plant or one or more steps to be performed by one or moreprocess entities within the process plant, the object including a globalsecurity parameter and one or more sub-element security parameterscorresponding to one or more sub-elements of the object; examining theglobal security parameter of the object to determine if access to theobject is to be limited; determining a level of access based on theexamined global security parameter, including determining whether theone or more sub-elements of the object should be hidden based on the oneor more sub-element security parameters; and providing the level ofaccess, including permitting sub-elements that should not be hidden tobe viewed and preventing sub-elements that should be hidden from beingviewed.
 2. A method as defined in claim 1, wherein receiving the requestcomprises receiving a request to view the one or more sub-elements ofthe object.
 3. A method as defined in claim 1, wherein receiving therequest comprises receiving a request to modify the object; whereindetermining the level of access further comprises determining whether toallow modification of the object, and; wherein providing the level ofaccess further comprises permitting modification of the object only ifit is determined that modification of the object is to be allowed.
 4. Amethod as defined in claim 1, wherein determining the level of accessfurther comprises determining the level of access further based oninformation associated with a user that initiated the request to accessthe object.
 5. A method as defined in claim 4, wherein determining thelevel of access further comprises determining the level of access basedon an identity of the user.
 6. A method as defined in claim 4, whereindetermining the level of access further comprises determining the levelof access based on a security access level associated with the user. 7.A method as defined in claim 4, further comprising: prompting the userto enter a password; receiving a password entered by the user; comparingthe password entered by the user with stored password data; whereindetermining the level of access further comprises determining the levelof access based on the comparison of the password entered by the userwith the stored password data.
 8. A method as defined in claim 1,wherein providing the level of access further comprises at least one ofnot permitting a user to modify the object, permitting the user tomodify the object, or permitting the user to modify only somesub-elements of which the object is comprised.
 9. A method as defined inclaim 1, wherein receiving via the user interface the request to accessthe object comprises receiving via the user interface a request toaccess a class object that generically represents the process entitywithin the process plant.
 10. A method as defined in claim 1, whereinreceiving via the user interface the request to access the objectcomprises receiving via the user interface a request to access a classobject that specifically represents the process entity within theprocess plant.
 11. A method as defined in claim 1, wherein receiving viathe user interface the request to access the object comprises receivingvia the user interface a request to access at least one of a compositetemplate, a module template, a phase class, and a unit phase.
 12. Amethod for controlling access to data associated with a process plant,comprising: receiving via a user interface a request to modify a groupof items, wherein each item in the group of items is representative ofat least one of a corresponding process entity within the process plantor one or more steps to be performed by one or more process entitieswithin the process plant, the group of items corresponding to a groupobject having a global group security parameter and a sub-elementsecurity parameter for each sub-element of the group of items; examiningthe global group security parameter to determine if access to the groupof items is to be allowed; examining a sub-element security parameterfor one or more sub-elements of the group of objects; determining if theone or more sub-elements of the group of items should be hidden based onthe examined global group security parameter and the examinedsub-element security parameter; permitting sub-elements of the group ofitems that should not be hidden to be viewed, and preventingsub-elements of the group of items that should be hidden from beingviewed; determining whether to permit modification of the group of itemsbased on the examined global group security parameter; and permittingthe group of items to be modified only if it is determined thatmodification of the group of items is to be permitted.
 13. A method asdefined in claim 12, wherein receiving the request to modify comprisesreceiving via the user interface a request to modify a group of objects,wherein each object in the group of objects is representative of atleast one of a corresponding process entity within the process plant andone or more steps to be performed by one or more process entities withinthe process plant.
 14. A method as defined in claim 13, wherein at leastone object in the group of objects generically represents acorresponding process entity within the process plant.
 15. A method asdefined in claim 13, wherein at least one object in the group of objectsspecifically represents a corresponding process entity within theprocess plant.
 16. A method as defined in claim 13, wherein at least oneobject in the group of objects comprises at least one of a compositetemplate, a module template, a phase class, and a unit phase.
 17. Amethod as defined in claim 13, wherein receiving the request to modifythe group of objects comprises at least one of: receiving a request tomodify one or more objects in the group of objects; receiving a requestto remove one or more objects from the group of objects; and receiving arequest to add one or more new objects to the group of objects.
 18. Amethod as defined in claim 12, wherein determining whether to permitmodification of the group of items based on the examined global groupsecurity parameter further comprises determining whether to permitmodification of the group of items based on the examined global groupsecurity parameter and further based on information associated with auser that initiated the request to modify the group of items.
 19. Amethod as defined in claim 18, wherein information associated with theuser comprises data indicating an identity of the user.
 20. A method asdefined in claim 18, wherein information associated with the usercomprises data indicating a security access level associated with theuser.
 21. A method as defined in claim 18, further comprising: promptingthe user to enter a password; receiving a password entered by the user;and comparing the password entered by the user with stored passworddata; wherein determining whether to permit modification of the group ofitems based on the examined global group security parameter and theinformation associated with a user that initiated the request furthercomprises determining whether to permit modification of the group ofitems based on the comparison of the password entered by the user withthe stored password data.
 22. A method for exporting data capable ofbeing associated with a process plant, comprising: receiving via a userinterface a request to export one or more objects, each object capableof representing at least one of an item in a process plant or one ormore steps to be performed by one or more process entities within theprocess plant; examining, for each object, a global security parameterof the object to determine if access to data of the object is to belimited; for each object, if access to data of the object is to belimited, encrypting the data to generate encrypted data; for eachobject, if access to data of the object is to be limited, replacing thedata with the encrypted data; and exporting the one or more objects. 23.A method as defined in claim 22, wherein at least one object in the oneor more objects generically represents a corresponding process entitywithin the process plant.
 24. A method as defined in claim 22, whereinat least one object in the one or more objects specifically represents acorresponding process entity within the process plant.
 25. A method asdefined in claim 22, wherein at least one object in the one or moreobjects comprises a composite template.
 26. A method as defined in claim22, further comprising: for each object, if access to data of the objectis to be limited, encrypting access security data associated with theobject; for each object, if access to data of the object is to belimited, replacing the access security data with the encrypted accesssecurity data.
 27. A system for facilitating configuration or viewing ofa configuration associated with at least a portion of a process plant,comprising: a computer readable medium; a processor in communicationwith the computer-readable medium; a database to store an objectrepresentative of at least one of a process entity within the processplant or one or more steps to be performed by one or more processentities within the process plant, the object having a global securityparameter and a sub-element security parameter corresponding to each ofone or more sub-elements of the object; a routine stored on thecomputer-readable medium and configured to be executed by the processorto receive via a user interface a request to access the object; examinethe global security parameter of the object to determine if access tothe object is to be limited, determine a level of access based on theexamined global security parameter, comprising determining whether theone or more of sub-elements of the object should be hidden based on theexamined global security parameter and a sub-element security parametercorresponding to the one or more sub-elements of the object, and providethe level of access, comprising permitting sub-elements that should notbe hidden to be viewed and preventing sub-elements that should be hiddenfrom being viewed.
 28. A method as defined in claim 27 wherein theroutine is configured to be executed by the processor to receive therequest to access the object via at least one of a user interfaceassociated with a configuration system, a user interface associated witha debugging system, a user interface associated with a monitoringsystem, and a user interface associated with an asset management system.29. A system for facilitating configuration or viewing of aconfiguration associated with at least a portion of a process plant,comprising: a computer readable medium; a processor in communicationwith the computer-readable medium; a database to store a group objectcorresponding to a group of items, wherein each item in the group ofitems is representative of at least one of a corresponding processentity within the process plant or one or more steps to be performed byone or more process entities within the process plant, the group objectincluding a global group security parameter and a sub-element securityparameter corresponding to each sub-element of the group of items; aroutine stored on the computer-readable medium and configured to beexecuted by the processor to receive via a user interface a request tomodify the group of items, examine the global group security parameterof the group object to determine if access to the group of items is tobe allowed; examine a sub-element security parameter corresponding toone or more sub-elements of the group of items; determine if the one ormore sub-elements of the group of items should be hidden based on theexamined global group security parameter and the examined sub-elementsecurity parameter; permit sub-elements of the group of items thatshould not be hidden to be viewed, and preventing sub-elements of thegroup of items that should be hidden from being viewed; determinewhether to permit modification of the group of items based on theexamined global group security parameter; and permit the group of itemsto be modified only if it is determined that modification of the groupof items is to be permitted.
 30. A method as defined in claim 29,wherein the routine is configured to be executed by the processor toreceive the request to modify the group of items via at least one of auser interface associated with a configuration system, a user interfaceassociated with a debugging system, a user interface associated with amonitoring system, and a user interface associated with an assetmanagement system.
 31. A configuration system for facilitatingconfiguration of a process plant, comprising: a computer readablemedium; a processor in communication with the computer-readable medium;a database to store one or more objects, each object capable ofrepresenting at least one of a process entity within the process plantor one or more steps to be performed by one or more process entitieswithin the process plant; a configuration routine stored on thecomputer-readable medium and configured to be executed by the processorto receive via a user interface a request to export some or all of theone or more objects; examining, for each object, a global securityparameter of the object to determine if access to data of the object isto be limited; for each object, if access to data of the object is to belimited, encrypting the data to generate encrypted data; for eachobject, if access to data of the object is to be limited, replacing thedata with the encrypted data; and exporting the some or all of the oneor more objects.